This position serves as a key resource supporting and helping to mature the Information Security Program. The VP, Information Security Governance will support the Information Security Program, will advise on governance, and will provide guidance on information security compliance and best practices as part of a chartered department serving as a second line of defense role. Through a risk-based approach, the VP, Information Security Governance will provide consulting on information security to both Information Technology (IT) and business units. This position will advise on activities necessary to assess and protect the confidentiality, integrity, and availability of Bank information and systems. This is a hybrid position that requires in office hours.

Education and Experience Requirements:

• Bachelor of Science in Information Technology or Information Security is required, or a bachelor’s degree in any field combined with 3 or more years of on-the-job experience with security controls required.
• A minimum of seven (7) years’ progressive experience is required in any combination of the following: IT, IT Audit, IT or Security Risk, Cyber Security, Information Security, or IT/Cyber controls adjacent department.
• Excellent leadership, coaching, teaching, collaboration and mentoring skills to drive results in cross functional teams

Preferred certifications include but are not limited to:

• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)

Knowledge, Skill, and Ability Requirements:

• Strong knowledge of privacy, information security standards and best practices.
• Experience implementing and providing oversight for information security standards in a complex business environment.
• Experience with risk assessment processes and practices.
• Able to build and maintain strong relationships across the organization, including multiple business units and senior leadership.
• Proven project management skills.
• Proven ability to think strategically about business, risk, and technical challenges impacting IT security.
• Excellent communication skills with all levels of management and outside vendors, technical and non-technical users.
• Must have excellent research, analytical, and documentation skills.
• Ability to work independently and within a team.

Essential Functions:

• Perform duties within the second line of defense in the three lines of defense model.
• Advise on security architecture in line with FFIEC guidance, framework alignment (NIST, CIS), and security best practices.
• Participate in determining security requirements for new products and services.
• Lead a team of information security professionals.
• Help ensure IT compliance with technical portions of applicable regulations and guidelines.
• Perform risk assessments and attestations of controls to author executive level reports and memorandums of the outcomes.
• Perform due diligence security reviews on the Bank’s existing and proposed new third-party vendors.
• Maintain, track, and report to senior leadership a register of information security related identified control gaps and their associated risks through remediation.
• Participate in and assist with facilitating tabletop exercises.
• Document Information Security Standards.
• Contract reviews for new or modified external vendor services.
• Monitor the cyber health of third parties who house Bank information.
• Run the Bank’s self-phishing campaign program.
• Provide second line of defense support and challenge for IT audit findings.
• Serve as a voting member on Bank Committees representing Information Security.
• Provide input for the process of configuration changes to maintain a highly available and secure environment.
• Advise on security architecture for networking, infrastructure, applications and cloud environments.
• Provide security input and best practice guidance for disaster recovery.
• Assist with governance for vulnerability assessments, penetration testing, and risk assessments.
• Provide collaboration throughout the Bank in data security matters to ensure compliance with all established data security policies and procedures.
• Assist with the evaluation and recommendation of new Information Security systems.
• Review current processes and procedures for technical portions of IT compliance, recommend improvements for higher maturity.
• Research and evaluate proposed security capability solutions for adherence to documented Bank standards, policies, guidelines, and technical portions of regulatory requirements.
• Perform gap analyses.
• Participate in various projects to advise on Information Security requirements and governance.
• Make security decisions in a crisis on behalf of the CISO if the CISO is not available.
• All employees have the responsibility and the accountability to serve as risk managers for their businesses by understanding, reporting, responding to, managing and monitoring the risk they encounter daily as required by Dollar Bank’s risk management program. Compliance with regulatory laws and company procedures is a required component of all position descriptions.

Supervisory Responsibilities:

• Achieves results by motivating and stimulating team members; promotes commitment to common goals by communicating team vision and mission.
• Works with employees to identify development opportunities and create career development plans.
• Coaches and mentors employees on their strengths and areas for improvement, providing constructive feedback.
• When needed, selects talented individuals from inside and outside of the Bank, hiring individuals whose capabilities match the needs of the organization in a timely and prudent manner.

Essential Functions:

• Perform duties within the second line of defense in the three lines of defense model.
• Advise on security architecture in line with FFIEC guidance, framework alignment (NIST, CIS), and security best practices.
• Participate in determining security requirements for new products and services.
• Lead a team of information security professionals.
• Help ensure IT compliance with technical portions of applicable regulations and guidelines.
• Perform risk assessments and attestations of controls to author executive level reports and memorandums of the outcomes.
• Perform due diligence security reviews on the Bank’s existing and proposed new third-party vendors.
• Maintain, track, and report to senior leadership a register of information security related identified control gaps and their associated risks through remediation.
• Participate in and assist with facilitating tabletop exercises.
• Document Information Security Standards.
• Contract reviews for new or modified external vendor services.
• Monitor the cyber health of third parties who house Bank information.
• Run the Bank’s self-phishing campaign program.
• Provide second line of defense support and challenge for IT audit findings.
• Serve as a voting member on Bank Committees representing Information Security.
• Provide input for the process of configuration changes to maintain a highly available and secure environment.
• Advise on security architecture for networking, infrastructure, applications and cloud environments.
• Provide security input and best practice guidance for disaster recovery.
• Assist with governance for vulnerability assessments, penetration testing, and risk assessments.
• Provide collaboration throughout the Bank in data security matters to ensure compliance with all established data security policies and procedures.
• Assist with the evaluation and recommendation of new Information Security systems.
• Review current processes and procedures for technical portions of IT compliance, recommend improvements for higher maturity.
• Research and evaluate proposed security capability solutions for adherence to documented Bank standards, policies, guidelines, and technical portions of regulatory requirements.
• Perform gap analyses.
• Participate in various projects to advise on Information Security requirements and governance.
• Make security decisions in a crisis on behalf of the CISO if the CISO is not available.
• All employees have the responsibility and the accountability to serve as risk managers for their businesses by understanding, reporting, responding to, managing and monitoring the risk they encounter daily as required by Dollar Bank’s risk management program. Compliance with regulatory laws and company procedures is a required component of all position descriptions

Supervisory Responsibilities:

• Achieves results by motivating and stimulating team members; promotes commitment to common goals by communicating team vision and mission.
• Works with employees to identify development opportunities and create career development plans.
• Coaches and mentors employees on their strengths and areas for improvement, providing constructive feedback.
• When needed, selects talented individuals from inside and outside of the Bank, hiring individuals whose capabilities match the needs of the organization in a timely and prudent manner