CHIEF INFORMATION SECURITY OFFICER

MUST HAVE : 10 years of experience in a combination of risk management, information security, and IT jobs in a larger banking environment.

MUST HAVE : In-depth understanding of Information Security, Business Continuity Planning, Disaster Recovery Planning, IT Regulatory Requirements, Risk Assessments, Access Management, Change / Configuration Management, Governance, Problem / Incident Management, Awareness and Training Programs.

MUST HAVE : CISA, CISSP, CISM, CRISC certifications or equivalent experience and willingness to obtain and expand certifications.

MUST HAVE : 10 years of supervisory experience; including managing professional leads and groups.

Salary : $175k-$205k depending on knowledge, skills, abilities, experience, and location.

Sunflower Bank, N.A. is looking for a highly motivated individual to fill the position of a full-time Chief Information Security Officer at our Denver, CO location.

The Chief Information Security Officer (CISO) leads the Information Technology (IT) Risk and Governance functions of the company and is responsible for defining the cybersecurity strategy for the organization to manage risk, protect client data and company resources. The IT Risk and Governance team is manages the following areas : Information Security, Business Continuity Management, Change Management, Data Privacy, along with operational IT governance responsibilities such as Risk Assessments, external reviews and audits, regulatory compliance, and associated IT policies, procedures and documentation. The CISO is also the acting Bank Security Officer and responsible for physical security, reporting to the Bank's Chief Risk Officer. The CISO will work with business and IT leaders to provide and maintain solutions which meet business and technical requirements by applying new and existing security technologies and solutions to solve business needs.

Primary Responsibilities

• Establish and maintain the enterprise vision, strategy, and program to ensure information assets, technologies, and data are protected.
• Define and administer the strategies and polices associated with Information Security and IT Compliance.
• Ensure the adequacy of security measures to protect the company's information systems to meet business needs and satisfy regulatory requirements and guidelines.
• Provide oversight of the team performing Information Security Functions including log monitoring, threat analysis, vulnerability management, impact analysis, and recommend action or remediation plans.
• Develop training and awareness to support information security and IT Risk objectives at various levels throughout the company.
• Work closely with IT Management to ensure implementation of appropriate IT controls, processes, procedures, systems, and security technologies.
• Work closely with Enterprise Risk Management to align IT Risk and Governance with the overall company risk program.
• Participate in tactical groups, committees, teams, and other meeting as needed to facilitate the integration and recognition of IT Risk and Governance Benefits into business company objectives.
• Stay current on new developments in IT risk practices, technologies, and regulatory changes and anticipate organizational modifications.
• May be required to fulfill responsibilities specific to Response and Recovery in support of established Emergency Management, Emergency Response, Business Recovery, and Crisis Management functions.
• Responsible for supporting IT Response, Business Continuity, and Disaster Recovery processes as they pertain to the continuity of operations for the enterprise.
• Responsible for performing periodic evaluations or assessments to ensure controls specific to data protection and Gramm Leach Bliley Act (GLBA) compliance are effective and efficient.
• Responsible for creating and defining policy related to the physical security controls implemented across the company.
• Perform the job in accordance with applicable industry laws and regulations as well as the policies and procedures established by the company.
• Responsible for upholding Fair and Responsible Banking practices and Code of Ethics and Conduct guidelines.
• Understand and participate in the Bank's Community Reinvestment Act program.
• Perform other duties as assigned.

Education / Experience

• Bachelor's Degree preferred.
• 10 years of experience in a combination of risk management, information security, and IT jobs in a larger banking environment.
• 10 years of supervisory experience; including managing professional leads and groups.
• CISA, CISSP, CISM, CRISC certifications or equivalent experience and willingness to obtain and expand certifications.
• Must possess in-depth understanding of Information Security, Business Continuity Planning, Disaster Recovery Planning, IT Regulatory Requirements, Risk Assessments, Access Management, Change / Configuration Management, Governance, Problem / Incident Management, Awareness and Training Programs.
• Must possess working knowledge of IT Frameworks such as NIST, CIS, COBIT and ITIL.
• Knowledge and / or experience with physical security controls and procedures.
• Must possess strong verbal / written skills and the ability to effectively interface with internal business clients, operations teams, technical engineering teams, internal audit, regulators, senior management, executive management, and the board.
• Must be a self-starter with the ability to work independently and to manage multiple tasks / projects in a disciplined and organized fashion while maintaining attention to detail.
• Analytical problem-solving skills and the ability to evaluate areas of non-compliance and associated risk implications to the business.
• Ability to motivate and manage employees to produce quality products and services.
• Must be able to work flexible hours.

Employees enjoy outstanding benefits, including :

• 401(k) Plan with 6% Match
• Company-paid Life Insurance
• Tuition Reimbursement
• Fitness Reimbursement
• Paid Time Off
• Paid Holidays
• Plus many more employee perks & incentives!

People choose to "bank" with us, but for those we serve, we're more than a bank. We strive to be the financial backbone of their lives and we know that starts with our team.

If you qualify, apply online at www.sunflowerbank.com / careers.

You've never worked anyplace like Sunflower Bank!

EOE / AA : Minorities / Females / Disabled / Vets

Open until filled; early application encouraged. This vacancy announcement may be used to fill similar positions within 90 days.

If you are a California resident, you may be entitled to certain rights regarding your personal information, which is information that identifies, relates to, or could reasonably be linked with a particular California resident or household. Additional information about our data collection practices and location specific notices is available on our privacy policy.

Chief Information Security Officer

Hybrid options available.

MUST HAVE : 10 years of experience in a combination of risk management, information security, and IT jobs in a larger banking environment.

MUST HAVE : In-depth understanding of Information Security, Business Continuity Planning, Disaster Recovery Planning, IT Regulatory Requirements, Risk Assessments, Access Management, Change / Configuration Management, Governance, Problem / Incident Management, Awareness and Training Programs.

MUST HAVE : CISA, CISSP, CISM, CRISC certifications or equivalent experience and willingness to obtain and expand certifications.

MUST HAVE : 10 years of supervisory experience; including managing professional leads and groups.

Salary : $175k-$205k depending on knowledge, skills, abilities, experience, and location.

Chief Information Security Officer • Denver, CO, US