Chief Information Security Officer
The Chief Information Security Officer (CISO) reports to the Chief Banking Operations Officer and works closely with the Risk and Technology departments. The CISO is responsible for establishing and maintaining an information security program that ensures information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected. This role requires a visionary leader with deep knowledge of cybersecurity technologies and best practices.
- Establish and maintain a global, strategic and comprehensive enterprise information security program to ensure that information assets are adequately protected
- Develop and maintain information security policies, standards and guidelines
- Oversee the approval, training, and dissemination of security policies, standards and guidelines
- Coordinate the development of implementation plans and procedures to ensure systems are recovered in the event of a security event
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action. Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation
- Lead the enterprise's information security department, including hiring, training, staff development, performance management and annual performance reviews
- Partner with executive management to determine acceptable levels of risk for the organization
Please see complete job description online.
How to Apply:
- Bachelor’s degree or an equivalent combination of education and experience
- Minimum of 10 years of progressively more responsible experience in a combination of information technology or information security roles to include at least five years of leadership experience
- Deep knowledge of cybersecurity technologies and best practices in addition to strong knowledge of information security risk management practices
- Experience with information security frameworks. Knowledge of NIST, ISO, SOC 2, PCI, and/or COBIT.
- Familiarity with the Cybersecurity Assessment Tool (CAT)
- Must have extensive knowledge of privacy and data protection laws, regulations and best practices, including GLBA
- Broad knowledge of current trends in information technology including practices supporting Cloud, DevSecOps, and Product Management
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists
- Excellent analytical skills, the ability to manage multiple initiatives under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
- Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist
- Strong business acumen with excellent organizational, problem-solving, influencing, and negotiating skills
- Excellent day-to-day operating management skills – ability to execute coupled with a disciplined approach and an ability to effectively manage risk
- Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials