At Bank of the West, our people are having a positive impact on the world. We're investing where we feel we can make the most impact, like advancing diversity and women entrepreneurship programs, financing for more small businesses, and promoting programs for sustainable energy. From our locations across the U.S., Bank of the West is taking action to help protect the planet, improve people's lives, and strengthen communities. We are part of BNP Paribas, a global leader supporting the UN Sustainable Development Goals (SDGs). Yes, we're a bank, but as the bank for a changing world, we are continually seeking to improve the ways we help our customers, while contributing to more sustainable and equitable growth.
Job Description Summary
The Chief Information Security Officer (CISO) is responsible for overseeing, coordinating, and establishing the information security strategy and direction for Bank of the West. S/he collaborates with and counsels various business lines on information security programs. Responsibilities include creating and implementing enterprise-wide information security programs and risk management frameworks; developing and maintaining information security policy; designing information security policy education, training, and awareness activities; monitoring compliance with company security policies and applicable laws; and coordinating the investigation and reporting of security incidents.
The CISO directly reports to the Executive Vice President and Head of Technology, Operations, Transformation, Security, & Corporate Services, with dotted line reporting responsibility to the Chief Information Security Officer for BNP Paribas USA.
Essential Job Functions
- Advocate for all company information security related issues including the planning and development of the Bank's information security strategy in support of the company's strategic plan
- Drive a strategic vision and prioritize projects; bring an understanding of road-mapping, pacing, and project sequencing, to ensure the program is moving forward in an impactful way and at a realistic pace
- Assist in the development of a USA Cyber Strategy in coordination with the BNP Paribas USA CISO; seek to improve control effectiveness and efficiency across all BNP Paribas entities
- Collaborate with key business and IT leaders to develop security policies, standards, guidelines, and procedures to ensure the confidentiality, integrity, and availability of company's systems and data
- Create and implement a risk management framework to ensure the appropriate application of controls based on risk, consulting with business owners with regards to their information security risks and responsibility in minimizing those risks
- Ensure that IT complies with existing laws and regulations (e.g. Identity Theft Protection Act, GLBA, SOX) and that the company's IT environment is secure
- Develop information classification standards and procedures to appropriately manage information consistent with its data classification
- Work with Executive Management to prioritize company security initiatives and spending based on appropriate risk management and/or financial methodology
- Coordinate with the appropriate entities in any lawful compliance reviews or investigations related to the security of electronic protected information and/or any information technology investigation
- Oversee incident response planning in coordination within the Bank, as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary
- Establish security awareness and training standards and oversee company-wide participation
- Work with outside consultants as appropriate for independent security audits, assessments, and intrusion and penetration testing
- Develop, maintain, and publish corporate-level information security standards, procedures, and guidelines, including compliance monitoring procedures; assist in resolving security policy issues and in implementing security procedures
Technical Competencies & Education
- 10-15+ years of IT and security leadership in a complex global financial services organization, with extensive knowledge of banking rules and regulators (FDIC, Federal Reserve, European regulatory experience is a plus)
- Broad practical operational experience across multiple IT and security disciplines within financial services, combining theory, past practical experience and the organizational business practices
- Technical depth in threat management, vulnerability assessment, and red-teaming / blue-teaming is required to develop the Bank's internal threat capabilities and response framework
- Understanding of security architecture and engineering, with the ability to lead highly technical teams, serving as a leader/coach to help problem-solve when required
- Depth in security analytics, using data to drive decision-making across the security and tech risk function; ideally has assessed and utilized innovative AI platforms to think-ahead on threat intelligence issues
- Thorough understanding of IT systems and security tools, including methods, procedures, equipment and software used for delivery
- A track record of assessing threat environments from a business as well as a technical perspective, with the ability to develop and champion affordable, efficient and timely security solutions
- Ability to assess and drive a comprehensive cyber resiliency and business continuity function that enables the Bank to prepare for potential events; this may include leading table-top exercises as well as education and awareness programs
- Must have a Bachelor's degree in Business, security systems, information technology management or related discipline; Master's degree in Business or Technology is a plus
- Proponent of continuous improvement processes, with the ability to challenge the status quo and serve as a change agent
- Strategic leader who can drive a vision for cyber security while maintaining an execution-oriented focus on driving results
- Strong team management and development skills, with the ability to coach and mentor a high-performing but relatively inexperienced team
- Business-focused executive, with financial acumen; ability to articulate cost-benefit analyses, manage budgets, and bring a business perspective to the IT risk function
- Relationship builder who can partner with internal auditors and global regulators (particularly in the United States and France) to drive appropriate governance, risk, and compliance frameworks and programs
- Ability to drive impact and change in a complex global environment, working successfully through a matrix structure; ability to navigate dual-reporting lines and collaborate with cyber, IT, and business leaders in various geographies and entities
- Strong business acumen and knowledge of the best practices within the information security community and the ability to adapt and evolve these practices to the Bank's needs
- Ability to take initiative and make decisions under pressure, inspiring team members to challenge the status quo to improve processes
- Articulate and credible with the board, executive management and other group colleagues, communicating a vision and reporting on the progress of security initiatives
- Exceptional communication skills with the ability to advise and influence senior management and the Board of Directors; ability to communicate information security related concepts to a broad range of technical and non-technical audiences
- Strong project management skills and the ability to coordinate, prioritize, and execute initiatives, as required
- Strong business acumen with a good understanding of business drivers with the ability to provide support for the executive team
- Strong influencing skills to get things done; s/he must have a collaborative approach with the ability to partner with cross-functional business leaders across the global enterprise
Equal Employment Opportunity Policy
Bank of the West is an Equal Opportunity employer and proud to provide equal employment opportunity to all job seekers without regard to any status protected by applicable law. Bank of the West is also an Affirmative Action employer - Minority / Female / Disabled / Veteran.
Bank of the West will consider for employment qualified applicants with criminal histories pursuant to the San Francisco Fair Chance Ordinance subject to the requirements of all state and federal laws and regulations.