Corporate Security Manager - Governance, Risk, & Compliance
Rabobank N.A. is an award-winning, full-service bank serving California communities grounded in agriculture. With more than $14 billion in assets, Rabobank provides a wide range of financial products and services for individual, business, and food and agribusiness customers. Multi-function ATMs at approximately 100 branches, and online and mobilebanking resources empower Californians to bank when, where and how they want. Committed to service, Rabobank’s more than 1,500 employees take pride in improving their communities personally and professionally. Rabobank N.A. is a nationally chartered bank, FDIC member and equal opportunity lender.
Rabobank, N.A. has an exciting opportunity for a Corporate Security Manager - Governance, Risk, & Compliance located in our Santa Maria Operations Center! This position will be responsible for management of all aspects of the Bank’s security in assigned areas, including but not limited to information systems security, operational securityrisk programs, compliance programs, and risk review.
- Designs , develops, operates and manages comprehensive securityarchitectures, strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls.
- Acts as Deputy to the Corporate Security Director and can assume delegated responsibilities such as resolving security incidents, communication to the bank’s senior management and formulating and implementing strategic direction of the department.
- Protecting the Bank, customers and employees by mitigating and identifying technologythreats.
- Provides expertise for security technical and non-technical solutions; review and provide guidance enabling business system delivery in a manner that adheres to information security policy.
- Oversight and management of standards related to user access to information resources and management of logical access risks.
- Develops and enforce an integrated TechnologyRisk and Control Framework across the enterprise leveraging local regulations and aligning with Regional and Global initiatives.
- The role will also include ensuring compliance with multiple federal and non-federal regulations and standards including, but not limited to FFIEC, GLBA, PCI-DSS, SOx etc.
- This individual will also liaise with Internal Audit, Corporate Compliance, Office of General Counsel and Risk Management to remediate new and outstanding issues and track security-related issues in the electronic GRC system.
- Additionally, the role has responsibility for providing leadership, guidance and direction over the company’s securityincident management program.
- This role will coordinate with IT, Legal, Human Resources, and other appropriate business units to gather risk level and compliance details, assess impact, and coordinate risk mitigation. Therefore, the candidate must have the ability to influence others across a matrix organizational structure.
- Monitors regulatory developments and industry best practices and responds to such, as appropriate, to ensure the program’s effectiveness.
- Understands implications of work; makes recommendations for solutions; and is responsible for the efficient implementation of revised processes in a timely manner.
The successful candidate will possess the following:
- Bachelor's degree in Business Administration, Information Technology or related field required, with 8-10 years related loss prevention, law enforcement, computer operations, network management, and/or security and compliance experiencerequired depending upon area of assignment, highly preferred in a financial services/OCC regulated bank environment; OR equivalent combination of education and experience.
- Previous management experiencerequired. Applicable Security Industry certification required, with requirement of completion within 1 year if not currently certified.
- Preferred certifications: CISSP, CISM, CRISC
- Must have a solid understanding and working experience in the secure design, configuration, and use of information technology, including networkinfrastructure components such as firewalls, switches, and router configuration. Experience using vulnerability assessment tools and security monitoring tools required.