Chief Information Security Officer (Onsite)
Pay Competitive
Location Atlanta/Georgia
Employment type Full-Time
Job Description
Req#: 24998
Job Summary
The Chief Information Security Officer (CISO) is responsible for establishing strategy and direction for the enterprise's cybersecurity and privacy-related functions. Collaborates with all stakeholders and provides leadership and management in the areas of cybersecurity, privacy, and risk. Leads the establishment of the enterprise security posture by developing, implementing, and directing policy, architecture, prevention, detection, investigation, analysis, and training processes. Has broad responsibility to interface with internal and external stakeholders, the Board of Directors, audit agencies, and regulators to establish communication, cooperation, and risk management in line with Synovus' risk tolerance.
Job Duties and Responsibilities
- Develops and delivers comprehensive, system-wide information security strategies that are aligned with organizational goals, objectives and risk appetite. Provides vision, expertise and long range planning in the areas of cybersecurity risk identification, detection, protection, response, and recovery.
- Keeps abreast of the external environment for new risks, threats and vulnerabilities and their potential impact on information security, cybersecurity, and privacy.
- Maintains awareness of the external environment for new and emerging strategies and technologies to improve cybersecurity posture, reduce cyber risk exposure, and mitigate risks.
- Leads the effort to identify, evaluate, justify, and implement strategies and solutions that keep cybersecurity maturity comparable to peer institutions. Develops and implements strategies to remain aligned with the cybersecurity capabilities of larger institutions in order to support Synovus' growth and increased regulatory and control requirements.
- Develops and implements people, process, and technology strategies that drive improvements in efficiency, create scalability, and increase the speed of detecting and responding to security anomalies, threats, and events. Initiates, facilitates, and promotes activities to create cybersecurity and privacy awareness within the organization.
- Manages the development and implementation of companywide policies, standards, guidelines, and procedures to ensure ongoing maintenance of security and management of risks.
- Performs cybersecurity, privacy, and risk assessments of new systems and/or monitors existing systems for compliance with security- and privacy-related policies, procedures, and standards, referring problems to the appropriate stakeholders and following up on their resolution.
- Consults with senior IT and business leaders regarding their information, cybersecurity, and privacy risks and responsibility in minimizing those risks. Oversees ongoing system and network health checks on identified high risk network segments, systems, and applications.
- Oversees the creation and maintenance of the company's information security and privacy policy programs, covering information in electronic, print, and other formats. Assures that information created, acquired, or maintained by the company and its authorized users is used in accordance with its intended purposes.
- Protects information and its infrastructure from external or internal threats. Assures that the company complies with statutory and regulatory requirements regarding information access, security and privacy. Performs security risk assessments. Collaborates on testing, audit and government compliance practices and the implementation of systems.
- Develops and implements an ongoing risk assessment program targeting information security and privacy matters. Recommends methods for vulnerability detection and remediation and oversees vulnerability testing. Recommends methods for the detection, investigation, and reduction of risk and financial loss.
- Develops and implements an Incident Reporting and Security Incident Response Program that complies with all applicable regulatory requirements and follows industry best practices. Assures that the procedures and processes contained within the Security Incident Response Program are tested on a regular basis to validate and demonstrate resiliency.
- Responds to alleged policy violations or complaints from external parties. Serves as the official point of contact for information security, privacy, financial crimes and security incidents. Handles information security and fraud-related incidents.
- Assures that retainer agreements are in place for key functions such as outside legal counsel and cyber forensics services. Develops and implements plans for ongoing exercises to test, evaluate, and enhance response plans. Keeps abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the company's mission.
- Holds quarterly meetings with Synovus' Chairman and CEO where the CISO will update the Chairman and CEO on the state of the Information Security program. Holds an annual review with the Risk Committee during its Executive Session where the CISO will provide updates on the status of the Bank's Information Security program.
- Manages the annual performance management and merit processes for direct and indirect reports. Coaches and develops team members and builds a work environment where team members are engaged and feel a positive sense of achievement about their role in the company. Works closely with Human Resources regarding employee relations, compensation, training, posting and filling vacant positions and other Human Resources related matters.
- Each team member is expected to be aware of risk within their functional area. This includes observing all policies, procedures, laws, regulations and risk limits specific to their role. Additionally, they should raise and report known or suspected violations to the appropriate Company authority in a timely fashion.
- Performs other related duties as required.
The information on this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Synovus is an equal opportunity employer committed to fostering an inclusive work environment.
Qualifications
Minimum Education:
- Bachelor's Degree in Computer Science, Information Systems, or related field. Master's Degree in a related discipline is preferred.
Minimum Experience:
- Fifteen years of technology and security work experience, with an emphasis on regulated industries. Five years of leadership experience managing multiple, large, cross-functional teams and projects and influencing senior-level management and key stakeholders.
Required Knowledge, Skills, & Abilities:
- Leadership experience in managing multiple, large, cross-functional teams or projects
- Ability to influence senior-level management
- High proficiency in written and oral communication
- Ability to convert strategy to action
- Strong analytical skills with a view to map processes to automation tools