SummaryThe ISO will be responsible for protecting the bank's sensitive data, ensuring compliance with regulatory requirements, and mitigating risks in an evolving threat landscape. This role requires a strategic thinker with deep expertise in banking regulations, including mandatory experience in FDIC examinations and audits for mid-sized banks. The ideal candidate will foster a culture of security awareness while implementing robust frameworks to safeguard our operations, customers, and assets.
Responsibilities- Develop, implement, and maintain the bank's information security policies, procedures, and standards in alignment with regulatory requirements and industry best practices.
- Lead risk assessments, vulnerability management, and security incident response efforts, including coordination with internal teams and external partners during security incidents.
- Oversee the design and execution of security controls for IT systems, networks, cloud environments, and third-party vendors.
- Conduct regular security audits, IT risk assessments, penetration testing, and compliance reviews to identify and remediate potential weaknesses.
- Collaborate with senior leadership to integrate security into business processes, including new product launches and technology acquisitions.
- Manage security awareness training programs for employees and ensure ongoing education on emerging threats.
- Prepare and present reports on security metrics, risks, and compliance status to executive management and the board of directors.
- Manage the business continuity/disaster recovery program for the Bank, including annual tabletop exercises.
- Stay abreast of evolving cyber threats, regulatory changes, and technological advancements to proactively enhance the bank's security posture.
- Coordinate with regulators during examinations and audits, ensuring timely response to findings and implementation of corrective actions.
Minimum Qualifications- Bachelor's degree in Information Security, Computer Science, or a related field; Master's degree preferred.
- Minimum of 7-10 years of experience in information security, with at least 3 years in a leadership role within the banking or financial services industry.
- Proven experience with FDIC examinations, including preparation, participation, and follow-up on findings for banks with assets in the $1-2 billion range.
- Demonstrated expertise in conducting and managing other relevant audits, such as financial statement audits, IT general controls audits, and compliance reviews typical for mid-sized community banks (e.g., under GLBA, FFIEC guidelines, and BSA/AML frameworks).
- Hands-on experience implementing cybersecurity frameworks, including CRI Profile of NIST Cybersecurity Framework (CSF) 2.0 and CIS 8.1, with a track record of mapping controls to regulator requirements.
- Professional certifications such as CISSP, CISM, CRISC, or equivalent.
- Strong knowledge of security technologies, including firewalls, intrusion detection/prevention systems, encryption, and endpoint protection.
- Excellent communication skills, with the ability to translate complex technical concepts to non-technical stakeholders.
- Ability to work in a fast-paced environment and manage multiple priorities effectively.
- Strong organizational time management skills, problem solving skills, and the ability to quickly grasp concepts and processes with limited guidance from management.
- Strong written and verbal communication skills.
- Must be able to work in a team environment with the ability to interact well, and in a positive manner, with co-workers and management.
- Strong written and verbal communication skills
- A positive and collaborative approach with both peers and management
- Versatility, flexibility, and a willingness to work on consistently changing priorities with enthusiasm
ADDITIONAL INFORMATIONReporting Structure: Reports to the SVP, Chief Information Officer
Office Requirements: This position is required to be in the office 5 days per week. The position is open in the Denver and Salt Lake City Markets.