SECURITY RISK AND COMPLIANCE DIRECTOR

Western Alliance Bancorporation

Town of Texas (WI)

On-site

USD 90,000 - 150,000

Full time

26 days ago

Job summary

An established industry player is seeking a Director of Security and Privacy Compliance to lead their security governance initiatives. This role requires a strategic thinker with extensive experience in risk management and regulatory compliance within the financial services sector. The successful candidate will develop and maintain a robust information security program, ensuring adherence to industry standards and regulations. You'll work closely with senior management and various business units to create effective governance strategies and policies. If you're passionate about cybersecurity and privacy, this is a fantastic opportunity to make a significant impact in a dynamic environment.

Benefits

Competitive Salaries
Medical and Dental Insurance
401k Matching Program
Tuition Assistance Program
Employee Volunteer Program
Wellness Program
Ownership Stake in the Company
Time Off

Qualifications

  • 12+ years in senior leadership for regulated financial services focusing on risk management.
  • CISSP, CISM, CISA, or similar credentials are required.
  • Experience managing cybersecurity teams and executing KPIs.

Responsibilities

  • Lead the development and implementation of the security and privacy program.
  • Ensure compliance with FFIEC, NIST, and other regulatory requirements.
  • Facilitate risk assessments and maintain the cyber incident response plan.

Skills

Risk Management
Information Security
Regulatory Compliance
Cybersecurity
Data Analysis
Leadership
Communication Skills

Education

Bachelor's Degree in Business or Technical Area
Master's Degree in Cybersecurity or Computer Science

Tools

ISO/IEC 27001
ITIL
COBIT
NIST 800-53

Job description

The Director of Security and Privacy Compliance is vested with the authority to facilitate the development, implementation, and maintenance of an effective enterprise information security and privacy program whose capabilities are within the upper quartile of banks. The primary objective is to lead a team that provides security and privacy governance, reporting, and supporting activities that ensure compliance with the bank's security and privacy policies while complying with relevant regulations, state and federal law, and industry frameworks.

Reporting directly to the Chief Information Security Officer, the Director will ensure adherence to FFIEC, NIST control frameworks, and all applicable financial services regulatory requirements, and will prepare reporting on program effectiveness for risk committees, the Board of Directors, and regulators. The role involves identifying, evaluating, and reporting on legal, regulatory, IT, third-party, cybersecurity, and privacy risks to information assets. The Director will work closely with various business units, IT teams, and senior management to develop and implement comprehensive security and privacy governance strategies, policies, and procedures that align with the bank's risk appetite and business objectives.

  • Design, implement, and maintain the bank's privacy program, policies, and procedures aligned with GLBA and regulatory requirements.
  • Support governance activities of the information security program that ensure appropriate levels of confidentiality, integrity and availability are applied and maintained to protect restricted and confidential data stored, transmitted or processed by the organization.
  • Establish standards for data classification, access controls, and data lifecycle management to safeguard restricted personally identifiable information (PII) and confidential financial data.
  • Provide reporting on the information security and privacy program to enterprise risk teams, senior business leaders, and the board of directors. Reporting would include all FFIEC, GLBA, and state regulatory requirements.
  • Partner effectively with 2nd and 3rd line risk organizations and business units to facilitate security and privacy risk assessments and risk management processes aligned with the bank's risk appetite.
  • Partner with the business and risk owners to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable regulatory requirements, such as state data privacy laws.
  • Define and facilitate the processes for information security and privacy risk assessments, including the reporting and oversight of treatment efforts to address negative findings.
  • Maintain the cyber incident response plan to ensure that business-critical services are recovered in the event of a security event; provide support and in-house consulting in these areas.
  • Facilitate an information security governance structure through the support and oversight of the security program, including the facilitation of the security risk steering committee.
  • Develop, maintain, socialize, and coordinate approval of security and privacy governance policies.
  • Direct the creation of a targeted information security awareness training program for all employees, contractors, and approved system users, and establish metrics to measure the effectiveness of this security training program.

What you'll need:

  • Minimum of 12+ years of enterprise-level experience in a senior leadership role for a regulated financial services firm, focusing on risk management, information security, and regulatory compliance.
  • A Bachelor's degree with a focus in a Business or Technical area is required. A Master's degree in cyber security or computer science is a plus.
  • Intermediate to advanced knowledge of general Financial Services or Banking is preferred.
  • Intermediate to advanced knowledge of applicable regulatory and legal compliance obligations, rules and regulations, industry standards and practices.
  • Advanced to expert experience in managing highly skilled Cyber technology teams and being responsible for the execution of KPIs and timelines.
  • Advanced to expert ability to analyze a variety of data and summarize findings in applicable reports or other communication mediums. Utilize data to identify areas of improvement and opportunities for growth by collaborating with business and tech leads.
  • Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or other similar credentials are required.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, and those from NIST, including 800-53 and the Cybersecurity Framework.
  • Experience in financial services industry with proven regulatory and compliance discipline.
  • Excellent verbal and written communication skills with the ability to communicate complex issues to technical and non-technical audiences, senior management, and regulatory agencies.
  • Proven ability to build strong, cohesive partnerships with business, operations, and technology leadership and work effectively in a matrix organization.
  • Proven leadership skills; ability to lead, manage, develop and motivate a team.
  • Must be both strategic and hands-on with the ability to navigate between the two.
  • Outstanding interpersonal skills (i.e., listening, coaching, and facilitating).
  • Effective at managing multiple deliverables in a fast-paced environment and successfully executing a plan for desired results.
  • Occasional Travel Required.

Benefits you'll love:

We offer all the important things you'd want, like competitive salaries, an ownership stake in the company, medical and dental insurance, time off, a great 401k matching program, tuition assistance program, an employee volunteer program, and a wellness program. In addition, you'll have the opportunity to bolster your business knowledge, learning the ins and outs of how successful companies operate and manage their finances, giving you invaluable hands-on experience to help grow your career!

About the company:

Western Alliance Bank is a wholly owned subsidiary of Western Alliance Bancorporation. Alliance Bank of Arizona, Alliance Association Bank, Bank of Nevada, Bridge Bank, First Independent Bank, and Torrey Pines Bank are divisions of Western Alliance Bank; Member FDIC. AmeriHome Mortgage is a Western Alliance Bank company.

Western Alliance Bancorporation is committed to equal employment and will consider all qualified applicants without regard to race, sex, color, religion, age, national origin, marital status, disability, protected veteran status, sexual orientation, gender identity or genetic information. Western Alliance Bancorporation is committed to working with and providing reasonable accommodations for individuals with disabilities. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process and/or need an alternative method of applying, please email [emailprotected] or call 602-386-2488. When contacting us, please provide your contact information and state the nature of your accessibility issue. We will only respond to inquiries concerning requests that involve a reasonable accommodation in the application process.
