Vast Bank

EVP, Chief Information Security Officer

Vast Bank, Tulsa, Oklahoma, United States, 74145


Job Details

Job Location: Elgin Corporate Headquarters - Tulsa, OK

Position Type: Full Time

Education Level: 4 Year Degree

Job Shift: Day

Job Category: Banking

Description

Vast Bank is looking to hire an Executive Vice President, Chief Information Security Officer.

About Vast Bank

Since February of 1982, we've been a financial institution that has served customers in Northeast Oklahoma and beyond. Our deep roots in the community and commitment to personal service have enabled us to grow alongside our customers, creating conveniences and solutions to fit unique problems and lifestyles. For over 40 years, we've built a legacy on personal service, flexibility, strength, and integrity. Now, with bold leadership and a renewed commitment to customer-centricity, we're aiming higher for the next 40 years. New ideas, strong partnerships, and modern technology will accompany a winning culture to deliver more control and a surprisingly easy banking experience.

We're a company that believes in taking care of the people who make working here possible. In addition to competitive compensation, we offer a leading employee benefit package:

Comprehensive benefits package & 401(k) match
Professional development - opportunities for advancement!
Tuition assistance
Transit reimbursement
Paid time off & more!

Qualifications

Summary Of Role

The Chief Information Security Officer (CISO) serves as the Bank Security Officer and is responsible for the strategic direction and overall operations of Vast Bank's information security program. The CISO develops and implements a comprehensive information security program to safeguard the bank's customers, employees, and assets. This position is responsible for overseeing the bank's physical security in compliance with all relevant regulations. The CISO is accountable for providing executive-level reporting and oversight of the bank's information security program. In this role, the CISO will work closely with internal and external stakeholders, including regulatory bodies, to ensure compliance with all applicable laws, regulations, and industry standards.

Major Duties and Responsibilities

Develop and implement a comprehensive board-approved information security program to protect the bank's customers, employees, and assets, including physical security, information systems, networks, and data.
Develop and implement an information security strategy aligned with the board-approved information security program.
Develop and implement appropriate policies, standards, and procedures to support the information security program.
Assess the effect of security threats and incidents on the bank and its lines of business and process.
Delineate clear lines of responsibility and communicate accountability for information security.
Adhere to board-approved risk thresholds relating to information security threats or incidents, including those relating to cybersecurity.
Oversee and report on the management and mitigation of information security risks across the institution.
Identify, assess, measure, and monitor information security risk.
Coordinate information and physical security.
Integrate security controls throughout the institution, including supporting appropriate segregation of duties.
Develop, implement, and mature business continuity and cybersecurity incident management plans, testing, and response across the Enterprise.
Devise strategies to monitor and address current and emerging security risks and incorporate the strategies into the security program.
Provide information security and awareness training and ongoing security-related communications to employees, and ensure employees complete such training annually.
Focus on continuously maturing and enhancing the control and security posture.
Provide reporting to the Board describing the overall status of the Vast security program and material matters as defined in the FFIEC guidelines.
Understand and document the flow of information through the organization, including the risks posed to that information and the controls to protect it.
Serve as a liaison with external security organizations and regulatory bodies.
Foster a culture of collaboration and shared values that inspire individuals and teams to strive for continuous improvement.
Must comply with applicable laws and regulations, including but not limited to, the Bank Secrecy Act, the Patriot Act, and the Office of Foreign Assets Control.
Ensure compliance with all applicable laws, regulations, and industry standards, such as the Gramm-Leach-Bliley Act (GLBA), Office of Foreign Assets Control (OFAC), Federal Financial Institutions Examination Council (FFIEC), etc.

INDEPENDENT OVERSIGHT OF SECURITY & TECHNOLOGY COMPLIANCE

The Chief Information Security Officer (CISO) shall have direct and independent access to the Information Technology and Audit and Risk Committees, and the Chairperson of the Board for all security and compliance matters. The CISO will provide routine reports and regular updates to the Board or respective Committees, ensuring transparent oversight of the Bank's information security posture. This includes a standing agenda item for security concerns or escalations in regular Committee meetings. The Board shall ensure the CISO maintains the authority, autonomy, and resources necessary to fulfill his or her responsibilities.

Knowledge & Skills

Experience

Minimum of 10 years of experience in information security, with at least 5 years of experience in a senior leadership role. Facilities management and engineering experience with preference provided to industry experience managing similar services in financial and regulated institutions.

Education/Certifications/Licenses

Bachelor's degree in computer science, information technology, and/or a related field. CISA, CISSP, CISM, or other relevant certifications are preferred.

Interpersonal Skills

A significant level of trust and diplomacy is required to be an effective subject matter expert in the position. In-depth dialogues, conversations and explanations with customers, direct and indirect reports and outside vendors of a sensitive and/or highly confidential nature are a normal part of the day-to-day experience. Communications can involve motivating, influencing, educating and/or advising others on matters of significance.

Role Important Behavioral Skills

Strong knowledge of information security laws, regulations, and industry standards. Experience with risk management, incident response, and disaster recovery. Strong leadership and team management skills. Exceptional communication and presentation skills. Flexible and adaptable; able to work in ambiguous situations. Able to maintain confidentiality, trust, diplomacy, and composure. Service oriented with excellent decision-making skills. Vendor and professional relationship management.

ADA Requirements

Physical Requirements

Is able to bend, sit, and stand in order to perform primarily sedentary work with limited physical exertion and occasional lifting of up to 10 lbs. Must be capable of climbing / descending stairs in an emergency situation. Must be able to operate routine office equipment including computer terminals and keyboards, telephones, copiers, facsimiles, and calculators. Must be able to routinely perform work on a computer for an average of 6-8 hours per day, when necessary. Must be able to work extended hours or travel off site whenever required or requested by management. Must be capable of regular, reliable, and timely attendance.

Working Conditions

Must be able to routinely perform work indoors in climate-controlled shared work area with minimal noise.

Mental and/or Emotional Requirements

Must be able to perform job functions independently or with limited supervision and work effectively either on own or as part of a team. Must be able to read and carry out various written instructions and follow oral instructions. Must be able to complete basic mathematical calculations, spell accurately, and understand computer basics. Must be able to speak clearly and deliver information in a logical and understandable sequence. Must be capable of dealing calmly and professionally with numerous different personalities from diverse cultures at various levels within and outside of the organization and demonstrate highest levels of customer service and discretion when dealing with the public. Must be able to perform responsibilities with composure under the stress of deadlines / requirements for extreme accuracy and quality and/or fast pace. Must be able to effectively handle multiple, simultaneous, and changing priorities. Must be capable of exercising the highest level of discretion on both internal and external confidential matters.

EEO Statement

It is the policy of Vast Bank to afford equal opportunity in all phases of employment without regard to an individual's race, color, creed, religion, gender, national origin, age, disability, marital status, ancestry, sexual orientation, unfavorable military discharge for qualified individuals with disabilities, and for qualified disabled veterans and veterans of the Vietnam era, to the extent required by applicable local, state and federal law.