Bank of the West Chief Information Security Officer in Omaha, Nebraska
Chief Information Security Officer
At Bank of the West, our people are having a positive impact on the world. We’re investing where we feel we can make the most impact, like advancing diversity and women entrepreneurship programs, financing for more small businesses, and promoting programs for sustainable energy. From our locations across the U.S., Bank of the West is taking action to help protect the planet, improve people’s lives, and strengthen communities. We are part of BNP Paribas, a global leader supporting the UN Sustainable Development Goals (SDGs). Yes, we’re a bank, but as the bank for a changing world, we are continually seeking to improve the ways we help our customers, while contributing to more sustainable and equitable growth.
Job Description Summary
The Chief Information Security Officer (CISO) is responsible for overseeing, coordinating, and establishing the information security strategy and direction for Bank of the West. S/he collaborates and counsels various business lines on information security programs, creating and implementing enterprise wide information security programs, risk management frameworks, information security policy development and maintenance, design of information security policy education, training, and awareness activities, monitoring compliance with company security policies and applicable laws; and coordinating investigation and reporting of security incidents.
The CISO directly reports to the Executive Vice President and Head of Technology, Operations, Transformation, Security, & Corporate Services, with dotted line reporting responsibility to the Chief Information Security Officer for BNP Paribas USA.
Essential Job Functions
Advocatefor all company information security related issues including the planning and development of the Bank's information security strategy in support of the company's strategic plan
Drivea strategic vision and prioritize projects; bring an understanding of road-mapping, pacing, and project sequencing, to ensure the program is moving forward in an impactful way and at a realistic pace
Assist in the development of a USA Cyber Strategy in coordination with the BNP Paribas USA CISO; seek to improve control effectiveness and efficiency across all BNP Paribas entities
Collaboratewithkey business and IT leaders to develop security policies, standards, guidelines, and procedures to ensure the confidentiality, integrity, and availability of company's systems and data
Createand implement a risk management framework to ensure the appropriate application of controls based on risk, consulting with business owners with regards to their information security risks and responsibility in minimizing those risks
EnsurethatITcomplieswithexistinglawsand regulations (e.g. Identify Theft Protection Act, GLBA, SOX.) and that the company's IT environment is secure
Developinformationclassificationstandardsand procedures to appropriately manage information consistent with its data classification
WorkwithExecutiveManagementtoprioritizecompanysecurityinitiativesandspendingbasedon appropriate risk management and/or financial methodology
Coordinatewith the appropriate entities in any lawful compliance reviews or investigations related to the security of electronic protected information and/or any information technology investigation
Overseeincidentresponseplanningincoordinationwithinthe Bank as well as the investigation of security breaches, and assists with disciplinary and legal matters associated with such breaches as necessary.
Establishsecurity awareness and training standards and oversees company-wide participation
Workwithoutsideconsultantsas appropriate for independent security audits, assessments, and intrusion and penetration testing
Develops,maintains, and publishes corporate-level information security standards, procedures, and guidelines, including compliance monitoring procedures; assists in resolving security policy issues and in implementing security procedures
Technical Competencies & Education
10-15 years of IT and security leadership in a complex global financial services organization, with extensive knowledge of banking rules and regulators (FDIC, Federal Reserve, European regulatory experience is a plus)
Broadpracticaloperationalexperienceacross multiple IT and security disciplines within financial services, combining theory, past practical experience and the organizational business practices
Technicaldepthin threat management, vulnerability assessment, and red-teaming / blue-teaming is requiredto develop the Bank’s internal threat capabilities andresponseframework
Understandingof security architecture and engineering, with the ability to lead highly technical teams, serving as a leader/coach to help problem-solve when required
Depthin security analytics, using data to drive decision-making across the security and tech risk function; ideally has assessed and utilized innovative AI platforms to think-ahead on threat intelligence issues
Thoroughunderstandingof IT systems and security tools, including methods, procedures, equipment and software used for delivery
A track record of assessing threat environments from a business as well as a technical perspective, with the ability to develop and champion affordable, efficient and timely security solutions
Abilitytoassessand drive a comprehensive cyber resiliency and business continuity function that enables the Bank of prepare for potential events; this may include leading table-top exercises as well as education and awareness programs
Musthave a Bachelor's degree in Business, security systems, information technology management or related discipline; masters' Degree in Business or Technology is a plus
Proponentof continuous improvement processes and the ability to challenge the status quo and serving as a change agent
Strategicleaderwhocandrivea vision for cyber security while maintaining an execution-oriented for driving results
Strongteammanagement and development skills, with the ability to coach and mentor an high- performing but relatively inexperienced team
Business-focusedexecutive,withfinancial acumen; ability to articulate cost-benefit analyses, manage budgets, and bring a business perspective to the IT risk function
Relationshipbuilder who can partner with internal auditors and global regulators (particularly in the United States and France) to drive appropriate governance, risk, and compliance frameworks and programs
Abilitytodriveimpactand change in a complex global environment, working successfully through a matrix structure; ability to navigate dual-reporting lines and collaborate with cyber, IT, and business leaders in various geographies and entities
Strongbusinessacumenandknowledgeof the best practices within the information security community and the ability to adapt and evolve these practices to the Bank’s needs
Abilitytotakeinitiativeandmakedecisionsunderpressure,inspiringteam members to challenge the status quo to improve processes
Articulateand credible with the board, executive management and other group colleagues, communicating a vision and reporting on the progress of security initiatives
Exceptionalcommunicationskillswith the ability to advise and influence senior management, the Board of Directors; ability to communicate information security related concepts to a broad range of technical and non-technical audiences
Strongprojectmanagement skills and the ability to coordinate, prioritize, and execute initiatives, as required
Strongbusinessacumen with a good understanding of business drivers with the ability to provide support for the executive team
Stronginfluencingskillsto getthingsdone;s/hemust have a collaborative approach with the ability to partner with cross-functional business leaders across the global enterprise
Equal Employment Opportunity Policy
Bank of the West is an Equal Opportunity employer and proud to provide equal employment opportunity to all job seekers without regard to any status protected by applicable law. Bank of the West is also an Affirmative Action employer - Minority / Female / Disabled / Veteran.
Bank of the West will consider for employment qualified applicants with criminal histories pursuant to the San Francisco Fair Chance Ordinance subject to the requirements of all state and federal laws and regulations.
Location: United States-Nebraska-Omaha
Requisition ID: 046331