Capital Bancorp Plc - Rockville, MD

posted 3 months ago

Full-time - Senior
Rockville, MD
1,001-5,000 employees
Credit Intermediation and Related Activities

About the position

The Chief Information Security Officer (CISO) at Capital Bank N.A. is a pivotal role responsible for leading the Bank's Corporate Information Security, Cybersecurity/Information Security Risk, GLBA Compliance, Business Continuity, Incident Response, and all related information security monitoring programs. This position is critical in ensuring the protection of the Bank's information assets and involves providing innovative leadership and guidance to Executive Management and the Board of Directors. The CISO will be accountable for planning, developing, directing, and operating a comprehensive information security and privacy program that aligns with applicable laws, rules, and regulations. This role is both strategic and hands-on, assisting the Bank in effectively managing and mitigating various risks including cyber, information security, operational, privacy, and resiliency risks. The CISO will collaborate closely with the Chief Information Officer (CIO) and the Board Risk Committee to develop risk appetite statements, frameworks, and thresholds that reflect the Bank's size and complexity. This includes enhancing governance through the establishment of programs, standards, policies, and procedures aimed at addressing and mitigating risks. The CISO will also manage and report on the state of the Bank's Cyber, Information Security, Operational, and Resiliency Risk to Executive Management and the Board, promoting a strong risk culture characterized by accountability and awareness. In addition, the CISO will oversee the implementation of information security directives from regulatory bodies, manage third-party vendor risks, and ensure effective end-user controls. The role requires partnering with business stakeholders to ensure that business requirements for risk management are met and that relevant governance is applied consistently across all technology projects. 
The CISO will also be responsible for developing and managing internal social engineering campaigns, conducting training, and reporting results to management. The CISO will lead the development of the annual Cyber, Information Security, and Resiliency Risk Management Strategic Plans, stay current on regulatory changes and threats, and manage the information security monitoring program. This includes overseeing user access reviews, updating the Cyber Assessment Tool, and leading incident response activities. The CISO will also be involved in hiring and developing a strong information security team, ensuring that the team is recognized and managed effectively.

Responsibilities

  • Develop Board approved risk appetite statements, frameworks, tolerances, and thresholds for all areas of responsibility.
  • Enhance Bank governance, including programs, standards, policies, and procedures to mitigate risks.
  • Manage and report on the state of the Bank's Cyber, Information Security, Operational, and Resiliency Risk to Executive Management and the Board.
  • Promote a strong risk culture characterized by risk awareness and accountability.
  • Implement, manage, and enforce Information Security directives from regulatory bodies.
  • Identify Cyber, Information Security, Operational, and Resiliency Risk of Third-Party Vendors and support the Third-Party Risk Program.
  • Ensure effective end user controls for third-party vendors accessing bank confidential information.
  • Partner with business stakeholders to address business requirements for risk management.
  • Ensure consistent application of bank governance across all technology projects.
  • Develop and manage internal social engineering campaigns and conduct training based on results.
  • Develop annual Cyber, Information Security, and Resiliency Risk Management Strategic Plans.
  • Stay current on regulatory changes and new threats, developing risk mitigation plans.
  • Manage all aspects of the information security monitoring program.
  • Oversee quarterly user access reviews and ensure updates are made accordingly.
  • Update the Bank's Cyber Assessment Tool and report on the status of the program.
  • Declare security incidents and lead incident response activities when applicable.
  • Partner with the CRO for regulatory notifications during incidents.
  • Identify key risk indicators and performance indicators for relevant risks.
  • Lead Cyber, Information Security, and Resiliency Risk Assessment Programs and ensure assessments are completed annually.
  • Ensure audit scopes evolve with the bank's growth and are accurate and complete.
  • Deliver timely and accurate annual reports for regulatory compliance.
  • Hire, develop, and retain a strong information security team.

Requirements

  • 15+ years of experience in regulated financial institutions, with at least 7 years in an information security or cybersecurity leadership role at a $5 billion+ asset-sized bank.
  • Prior experience as a CISO required.
  • Certified Information Systems Security Professional (CISSP) required.
  • Other relevant security industry certifications such as CISA, CISM, CRISC, CCSP, PCI-QSA are a bonus.
  • Bachelor's degree in relevant field or equivalent work experience.
  • Regulatory Examination experience required; OCC experience preferred.
  • Ability to appropriately scale areas of leadership to the growth trajectory of the bank.
  • Demonstrated organization, facilitation, written and oral communication, and presentation skills.
  • Highly developed relationship management, negotiation, and leadership skills.

Nice-to-haves

  • Experience with state information security laws such as the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act (VCDPA).
  • Strong knowledge of IT and Security Risk Frameworks and Risk Assessments.

Benefits

  • Competitive salary and performance bonuses.
  • Comprehensive health insurance coverage.
  • 401(k) retirement savings plan with company matching.
  • Paid time off and holidays.
  • Professional development opportunities and training programs.