Lone Star National Bancshares

Chief Information Security Officer

Lone Star National Bancshares, McAllen, Texas, United States, 78501

Job Details

Job Location: Data Center - McAllen - McAllen, TX

Description

JOB SUMMARY

The CISO is responsible for providing leadership and strategic vision across diverse teams that support global enterprise security initiatives. Regulations, compliance, privacy, business operational security, supply chain and business partner relationships fall directly under the purview of the CISO. The CISO directs the overall planning and execution of enterprise security systems, using operational and tactical expertise to direct security management reports, who oversee analysts, engineers, and architects. As a business enabler, the CISO ensures business decisions are not hampered by security but adhere to corporate security policies and are implemented with security in mind. The CISO champions a flexible, highly adaptable, and secure operating business environment.

The CISO is expected to be a master communicator who is confident but humble, and capable of speaking effectively with other C-level executives, as well as members of the board of directors and audit committees. Additionally, the CISO must possess a strong security practitioner background and the ability to effectively collaborate with technical staff. The ideal CISO is a people person who focuses on building a synergistic team where employees are valued, challenged to achieve excellence, have autonomy and enjoy working for the company. Recruitment, career development and retention of security staff are top priorities. As the leader of the information security program, the CISO establishes highly effective policies, corporate protocols and an open and collaborative team environment.

The CISO must have a strong technical background and fully understand threats, risk mitigation and technical controls to lead a team of security professionals through corporate obligations and defenses. The CISO assumes accountability for the daily tactical operations and overall strategic execution of the team under his or her leadership. The CISO reports to the chief risk officer (CRO) and chief executive officer.

ESSENTIAL DUTIES

The duties listed below may not include all responsibilities that the person in this role may be asked to perform. Incumbent may be required to perform other related duties, as assigned, including cross training across other departments, as necessary.

•Directs and provides a strategic risk management vision that scales globally to effectively secure the business without slowing company innovation and execution.
•Drives a strong security culture within the security department, but also organization-wide across management and employees.
•Influences internal and external constituents, and relays best practice recommendations based on the evolving threat landscape to protect bank information and ensure compliance.
•Focuses on building out a security ambassador program to expand the depth and reach of security across the business.
•Defines key performance indicators (KPIs) and metrics that align with the bank's initiatives and delivers them to non-technical individuals in an effective, understandable manner.
•Facilitates security governance across the bank in conjunction with an information security and information technology steering committee and advisory board.
•Is accountable for thorough enterprise security policies, security technology architecture, protecting against emerging threats, and active monitoring and response objectives.
•Frequently interacts with business units to understand their plans, risk posture and tolerance, and how information security can securely enable them to execute their vision and business obligations.
•Plays a key role in disaster recovery and business continuity.
•Works closely with the CIO, chief technology officer (CTO), chief risk officer (CRO) and chief security officer (CSO) to safeguard virtual and physical assets, and ensure adequate budget is allocated.
•Motivates employees to maximize rigorous system security controls and focuses on implementing the basics, reducing complexity and establishing a security maturity model that is tracked and adaptable to necessary changes.
•Analyzes opportunities for security technology advancement to establish highly effective solutions designed to prevent and detect advanced threats to the company networks and systems.
•Reports regularly to senior management and boards, keeping them abreast of the threat landscape and the tactical controls and strategic plans to achieve success.
•Makes process improvements to allow for effective automation and orchestration to maximize team talent and streamline routine tasks.
•Actively recruits and leads by example to create a culture where employees want to work. Leads with humility and is respectful to all. Connects with higher education to build a pipeline of interns and future employees.
•Mentors the security team and places a heavy emphasis on employee retention - is a people-first leader.
•Requires and schedules independent verification and validation testing of the company networks and sensitive programs using both internal team resources and engagements with independent consultants.
•Facilitates third-party audit reviews of internal departments and reports results to management and security oversight committees.
•Heavily involved with business units for stringent vetting and continual assessment of the supply chain.
•Works with business units toward responsible use of artificial intelligence (AI) and machine learning (ML).
•Optimizes and secures cloud infrastructure and applications required to support a remote workforce.
•Strong believer in enhancing employee skills and promoting training, use of cyber range skill improvement, and breach and attack simulation (BAS) solutions.
•Requires periodic awareness training for company employees on information security topics and allocates security budget to train technical staff members.
•Openly supports the organization, the management team and executive leadership team, even during times of adversity.
•Leads security-related projects from inception to successful completion and is capable of effectively coaching technology staff on appropriate security protocols and needs as they implement new technology into the organization.
•Develops, maintains and documents IT security programs according to regulatory compliance requirements.
•Maintains current knowledge of internal risk controls and loss prevention, including reporting of suspicious or unusual customer activity per Bank policy, and ensures adherence by the respective department personnel.
•Maintains current knowledge and complies with all federal and state laws and regulations and all established Bank policies and procedures, including internal audit controls related to department operations, and ensures adherence by the respective department personnel.
•Maintains current knowledge of all rules, regulations, and laws as they apply to BSA/OFAC/USA Patriot Act/CIP/AML, and ensures adherence by the respective department personnel.

Qualifications

QUALIFICATIONS

These specifications are general guidelines based on the minimum experience normally considered essential to the satisfactory performance of this position. The requirements listed below are representative of the knowledge, skill and/or ability required to perform the position in a satisfactory manner. Individual abilities may result in some deviation from these guidelines.

•Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent. Advanced degree not required, but an MBA or master's degree in information assurance/technology is preferred.
•Preferably 10-15+ years' management experience, with 5-8+ years' technical hands-on security, audit and risk management practitioner experience in the financial industry.
•At least 5 years' experience working with business leaders holding fiscal responsibilities.
•Strong written and oral communication skills across varying levels of the organization.
•Understanding of service design, delivery concepts and control frameworks.
•Solid organizational skills and the ability to multi-task, prioritize workloads and delegate responsibilities.
•Proven ability to receive security team recommendations and act assertively to support objectives.
•Effective stress management in a constantly changing environment.
•Highly focused on building and implementing a strong, cohesive team and security culture.
•Excellent judgment and the ability to make quick decisions when working with complex situations.
•Forward thinking with strong business acumen and flexibility.
•Ability to motivate the team to achieve excellence and give credit where it is due.
•High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
•Ability to work effectively with a variety of personalities and adapt to effectively reach and develop the team. Uses this skill as well as functional knowledge to both earn and maintain a high level of credibility with the team.
•Experience in developing policies, procedures and project plans.
•Skills must include personal computer experience with working knowledge of Microsoft Office Professional.
•Visual and mental concentration are necessary for accurately performing tasks, working at computer for long periods of time, working in a fast-paced environment and handling frequent interruptions.
•Position requires extended periods of sitting.
•Bilingual in English and Spanish is desired.

ORGANIZATION

•This position reports to the Chief Risk Officer.
•This position oversees the IS Supervisor, SEIM Security Engineer, Sr. Security Analyst/Administrator, IS Analyst.

TRAINING REQUIREMENTS

All employees are required to attend scheduled mandatory trainings and complete online regulatory compliance training courses applicable to their specific job function. In all situations, employees must ensure that their actions fully comply with all federal banking laws and regulations, including internal bank policies and procedures. Failure to adhere to these requirements will be grounds for disciplinary action, including probation and possible termination.

COMMUNITY INVOLVEMENT

Lone Star National Bank's Mission Statement includes a commitment to helping our communities grow by serving them with pride and integrity. All employees are encouraged to volunteer for bank sponsored activities, civic, charitable and community events and to be active in the communities we serve.

LSNB is an Equal Opportunity/Affirmative Action Employer and does not discriminate in the recruitment, hiring, and conditions of employment on the basis of race, color, religion, national origin, sex (including pregnancy), sexual orientation, gender identity, marital status, disability, age, veteran status, or any other status as protected by applicable laws.

Management reserves the right to change this position description at any time according to business needs.