• Job Description

  Req#: 494244

  POSITION PURPOSE

  Information Security is essential to what we do, from protecting our customers to our associates to our intellectual property. The Chief Information Security Officer is accountable for leading our Information Security Team and overseeing the Information Security Program and its continued improvement.

  The Chief Information Security Officer will enable the business in security and risk management and will (1) lead the team to manage exceptions, and document alignment of both requirement drivers and adherence monitoring processes related to policy; (2) work on the cutting edge of security and technology and address new risks; (3) collaborate and innovate with other groups within Prosperity Bank to continue to mature the Bank’s Information Security Program.

  ESSENTIAL FUNCTIONS AND BASIC DUTIES

  1. Leading and directing the Information Security organization
  2. Establishing a strategy for ensuring the Bank’s security posture in alignment with corporate strategy and objectives
  3. Coordinating security-related activities with key stakeholders, including Information Technology, Data Governance, and business functions
  4. Aligning policies and procedures to laws, regulations, guidance, best practices, industry standards, and internal risk requirements.
  5. Leading projects on security policy emphasizing the identification, understanding, and socialization of new risks
  6. Measuring and reporting on the Bank’s cybersecurity position and level of compliance with stated security policy standards
  7. Approving and tracking security policy exceptions and tracking policy violations
  8. Approving requests for changes in the Bank’s technology environment having a cybersecurity impact
  9. Defining and refining security policy requirements to address the risks presented by new and emerging technologies
  10. Consulting on information security policy compliance for unique issues
  11. Assessing and reporting to senior management and directors on information security risk across the enterprise
  12. Overseeing the incident response plan and directing incident response activities
  13. Remaining current on developments in the cyber-security industry including: security alerts, bugs, zero day issues, vulnerabilities, viruses and malware, and providing evaluation and recommendations depending on their potential impact
  14. Managing the use and reporting of outputs of designated internal security systems
  15. Directing security activities and assessments with key third party security partners and develop the responses, the remediation, and ongoing adherence from those reports
  16. Establishing and maintaining the business plan and budget for program activities
  17. Interacting with exam and audit personnel, responding to requests for information, and addressing noted findings
  18. Working closely with the project management and vendor management teams in providing timely security reviews and assessments to potential technologies being considered by the organization
  19. Providing security awareness training for the employees and Boards of Directors
  20. Serving on various technology and risk committees
  21. Other duties as assigned

  The above statements describe the general nature and level of work only. They are not an exhaustive list of all required responsibilities, duties, and skills. Other duties may be added, or this job description amended at any time.

  SUPERVISORY RESPONSIBILITIES:

  • Lead and manage team through training, developing, and coaching associates on a consistent basis
  • Encourage others to set challenging goals and high standards of performance
  • Inspire associates to define new opportunities and continuously improve the organization
  • Celebrate and reward significant achievements of associates
  • Present logical and persuasive case for proposals and positions
  • Assist team in addressing their individual strengths and development needs

  EDUCATION/CERTIFICATION:
  Bachelor’s degree in Computer Information Sciences, Information Technology, Engineering or a related technical field; or Associates GSEC, SSCP, CISSP certification is preferred RSA Security Analytics – Preferred

  EXPERIENCE REQUIRED:
  7+ years of practical IS/IT work experience in financial services with direct knowledge surrounding enterprise security technologies such as SIEM, firewalls, VPN, IPS/IDS, content filters, AV, and similar
  Experience utilizing common frameworks including FFIEC, NIST, ISO 5+ years’ experience in a management capacity with experience working with business leaders in collaborating on technology and security items 5+ years technical experience in skills including Vendor Management, Information Security, IS Program Management, and/or Security Vendor Management
  Experience with managing small focused teams

  KNOWLEDGE REQUIRED:
  Knowledge of IS areas, such as authentication, encryption, logging, monitoring, vulnerability management and assessment
  Demonstrated ability to integrate business needs and exceptional customer service with that of maintaining a strong security framework

  SKILLS/ABILITIES:
  Excellent written and oral English communication and presentation skills
  Ability to discuss security topics with non-technical audiences
  Willingness to work beyond standard business hours when necessary
  Ability to keep multiple concurrent tasks and projects moving forward
  Possess strong analytical and troubleshooting skills.

  Preferred additional skills
  Technical experience with a minimum of four years’ experience in one or more of the following: computer network penetration testing and techniques; computer evidence seizure, computer forensic analysis, and data recovery; computer intrusion analysis and incident response; intrusion detection; computer network surveillance/monitoring; network protocols, network devices, multiple operating systems, and secure architectures.

  Ability to obtain a security clearance.

  Applicable Certifications: CISSP, GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (CGIH), GIAC Certified Forensic Analyst (GCFA)

  
  Monday- Friday: 8:00am-5:00pm

• About the company

  On your journey to prosperity, let us be your guide. Connect with a local financial expert today and find an account that fits you.

Notice