Director of Information Security

We are currently seeking a Director of Information Security to join our cybersecurity leadership team. This position reports directly to the Chief Information Security Officer (CISO) and will be accountable for multiple cybersecurity governance and risk management functions. Candidates with diverse backgrounds and mindsets to drive a holistic approach to cybersecurity are encouraged to apply. We are looking for relevant, collaborative leadership experience, proven execution ability and technical cybersecurity competency as key indicators of success for this role.

 

Responsibilities:

  • Develop strategies to improve the bank’s security posture and support enabling technologies to achieve business growth
  • Working directly with the CISO, define and measure the execution of the cybersecurity roadmap and facilitate reporting to all stakeholders (CEO, COO, CRO, Board of Directors)
  • Lead and inspire multiple teams responsible for cybersecurity strategy, governance, risk assessment, resilience, compliance, and awareness/engagement functions
  • Implement strategies to attract, develop and retain exceptional, diverse cybersecurity talent
  • Foster collaborative working relationships with security stakeholders across the bank (IT, operations, supply chain, business lines, risk management, and internal audit)
  • Facilitate the delivery of accurate and timely information during audits and regulatory exams by building the assurance/evidence into cybersecurity operations and governance activities
  • Oversee management of cybersecurity tools, contracts, budgets, documentation, standards, and processes to ensure an operating environment that is sound, sustainable, and compliant with company policies and requirements
  • Early wins will include:
    • Improve the consistency, quality, and efficiency of risk reporting, cyber health dashboards and scorecards, and reporting to the Board of Directors
    • Enhance the planning, measurement, and response capabilities of the cyber resiliency practice

 

Qualifications:

  • 10+ years of enterprise cybersecurity or relevant technology/risk management experience
  • 2+ years of experience directing the activities of other managers running cybersecurity or technology teams
  • Broad, current knowledge of cybersecurity domains, technologies, and vendor capabilities
  • Experience implementing and measuring cybersecurity maturity with frameworks such as NIST CSF and FFIEC CAT
  • Exceptional communication skills, including written deliverables, oral presentations, and the ability to facilitate crucial conversations at all levels of the organization
  • Track record of leading enterprise projects and cross-functional initiatives to success, on time and within budget
  • Hands-on experience leading one or more of the following functions is required: GLBA/privacy, third-party risk management, cyber resilience planning/response, strategy/board reporting
  • Experience working directly with regulatory agencies and managing regulatory examinations is highly beneficial

 

This position requires regular face-to-face interaction with teams, business stakeholders, and executives in Salt Lake City, Utah. We will consider candidates who are in the area, are able to relocate to the area, or work remotely but are willing to travel regularly to Salt Lake City.
