THE OPPORTUNITYThe VP, Lead Security Risk Analyst leads enterprise-wide Information Security risk engagement across corporate initiatives, embedding security-by-design principles into business and technology decisions. This role drives the development and execution of the Information Security risk and GRC programs, conducting complex, high-impact risk assessments across enterprise architecture, cloud, AI/ML, and third-party environments. Serving as a senior advisor, the position partners with leadership, architects, and engineering teams to translate regulatory and security requirements into actionable architectural controls and secure design standards. The VP, Lead Security Risk Analyst also drives cross-functional remediation efforts to ensure risks are effectively managed in alignment with the organization's risk appetite. Performs all duties in accordance with the Company's policies and procedures, all U.S. state and federal laws and regulations, wherein the Company operates.
HOW YOU'LL MAKE A DIFFERENCE- Lead enterprise Information Security engagement across all enterprise-wide corporate projects, championing security by design principles, influencing security decisions without direct authority and driving alignment across multiple business and technology domains.
- Contribute to the development, management, and ongoing improvement of the Information Security risk program, compliance initiatives, and overall security risk posture.
- Partner with senior management to design and implement maturity strategies and operations into the Information Security GRC team.
- Maintain Information Security risk register, report monthly to appropriately address key risk areas.
- Support policies and procedures maintenance aligned with in-scope security frameworks, regulations, and internal standards to manage identified risk effectively.
- Conduct regular risk assessments to identify potential threats and vulnerabilities across the organization analyzing their impact and likelihood of occurrence.
- Generate reports on risk assessments, compliance status, and control effectiveness to communicate findings to stakeholders at various levels within the organization.
- Lead and deliver enterprise and domain risk assessments (at least annually, or event driven) using consistent methodology that complies with regulatory requirements
- Conduct and lead the bank's most complex and high-impact risk assessments, including those involving enterprise architecture, modernization initiatives, AI/ML platforms, cloud deployments, or third-party integrations.
- Drive cross-functional remediation initiatives, ensuring timely resolution of identified issues and alignment with enterprise risk appetite.
- Act as the primary GRC representative and senior advisor in enterprise security architecture projects, ensuring that security, compliance, and risk considerations are embedded in design decisions for cloud, infrastructure, and applications.
- Lead architecture-focused risk assessments for new technologies, major system integrations, cloud migrations, and high-impact projects to identify systemic risks and required compensating controls.
- Translate security policies, standards, regulatory requirements and control frameworks into detailed architectural requirements, control patterns, and secure design standards consumable by engineering and application teams.
- Advise solution architects, engineers, and product teams on secure design patterns, identity and access architecture, encryption frameworks, data protection requirements, and logging/monitoring standards.
- Evaluate the security implications of modernization initiatives, and system migrations ensuring risks are documented and mitigated through appropriate design.
- Define architecture-aligned security requirements and control baselines that engineering and architecture teams use to build secure-by-design systems.
- Partner with detection engineering and cloud teams to ensure logging, auditability, and monitoring capabilities are embedded in the technology stack.
- Lead complex and technical vendor security reviews, including onboarding assessments, and high-risk assessments involving cloud platforms, data integrations, and critical infrastructure providers.
- Follow all established policies and procedures.
- Perform other duties and projects as assigned.
WHAT YOU'LL BRING- Bachelor's degree in information systems, engineering, business, risk management, or related field; and related certifications (e.g., CISSP ISSAP, SABSA, CCSP, GCAD, CRISC, CISSP).
- 7-9+ years of experience in GRC, cybersecurity, risk management or related fields, and most importantly cloud/security architecture, particularly in highly regulated industries such as financial, or professional services.
- Demonstrated history of influencing architectural decisions and driving enterprise-level security program improvements.
- High technical knowledge across Cybersecurity domains, including Security Operations, Incident
- Response, Security Engineering, Cloud Security, Artificial Intelligence (AI), Data Security, Configuration
- Management, Log Generation, Security Risk Assessments/testing methodologies, Secure Software Development Lifecycle, evaluating the adequacy and efficiency of internal controls.
- Advanced knowledge of cloud architecture, application security, identity governance, encryption, secure design patterns, network architecture, and telemetry design.
- Experience translating requirements into architectural controls and technical standards.
- Expert knowledge of GRC frameworks and regulations (e.g., PCI-DSS, GDPR, CCPA, GLBA, NIST, ISO 27001).
- Strong knowledge in OWASP, CIS and/or other security standards and secure configuration baselines.
- Excellent analytical skills with the ability to assess complex risks and develop effective mitigation security strategies.
- Comfortable solving ambiguous, enterprise-scale problems.
- Proven ability to lead multi-team initiatives and drive results in a fast-paced environment.
- Excellent communication and interpersonal skills, with the ability to influence senior engineers, architects, and business leaders
- High School diploma or equivalent required
HOW WE'LL SUPPORT YOU- Financial Security: You will be eligible to participate in the company's 401k plan which includes a company match and immediate vesting.
- Health & Well-Being: We offer comprehensive insurance options including medical, dental, vision, AD&D, supplemental life, long-term disability, pre-tax Health Savings Account with employer contributions, and pre-tax Flexible Spending Account (FSA).
- Building & Supporting Your Family: Banc of California partners with providers that offer adoption, surrogacy, and fertility assistance as well as paid parental leave and family support solutions including care options for your family.
- Paid Time Away: Eligible team members receive paid vacation days, holidays, and volunteer time off.
- Career Growth Opportunities: To support career growth of our team members, we offer tuition reimbursement, an annual mentorship program, leadership development resources, access to LinkedIn Learning, and more.
SALARY RANGEThe base salary ultimately offered is determined through a review of education, industry experience, training, knowledge, skills, abilities of the applicant in alignment with market data and other factors.
