Bank of the West Jobs

Job Information

Bank of the West Chief Information Security Officer in Omaha, Nebraska

Chief Information Security Officer


At Bank of the West, our people are having a positive impact on the world. We’re investing where we feel we can make the most impact, like advancing diversity and women entrepreneurship programs, financing for more small businesses, and promoting programs for sustainable energy. From our locations across the U.S., Bank of the West is taking action to help protect the planet, improve people’s lives, and strengthen communities. We are part of BNP Paribas, a global leader supporting the UN Sustainable Development Goals (SDGs). Yes, we’re a bank, but as the bank for a changing world, we are continually seeking to improve the ways we help our customers, while contributing to more sustainable and equitable growth.

Job Description Summary

The Chief Information Security Officer (CISO) is responsible for overseeing, coordinating, and establishing the information security strategy and direction for Bank of the West. S/he collaborates and counsels various business lines on information security programs, creating and implementing enterprise wide information security programs, risk management frameworks, information security policy development and maintenance, design of information security policy education, training, and awareness activities, monitoring compliance with company security policies and applicable laws; and coordinating investigation and reporting of security incidents.

The CISO directly reports to the Executive Vice President and Head of Technology, Operations, Transformation, Security, & Corporate Services, with dotted line reporting responsibility to the Chief Information Security Officer for BNP Paribas USA.


Essential Job Functions

  • Advocatefor all company information security related issues including the planning and development of the Bank's information security strategy in support of the company's strategic plan

  • Drivea strategic vision and prioritize projects; bring an understanding of road-mapping, pacing, and project sequencing, to ensure the program is moving forward in an impactful way and at a realistic pace

  • Assist in the development of a USA Cyber Strategy in coordination with the BNP Paribas USA CISO; seek to improve control effectiveness and efficiency across all BNP Paribas entities

  • Collaboratewithkey business and IT leaders to develop security policies, standards, guidelines, and procedures to ensure the confidentiality, integrity, and availability of company's systems and data

  • Createand implement a risk management framework to ensure the appropriate application of controls based on risk, consulting with business owners with regards to their information security risks and responsibility in minimizing those risks

  • EnsurethatITcomplieswithexistinglawsand regulations (e.g. Identify Theft Protection Act, GLBA, SOX.) and that the company's IT environment is secure

  • Developinformationclassificationstandardsand procedures to appropriately manage information consistent with its data classification

  • WorkwithExecutiveManagementtoprioritizecompanysecurityinitiativesandspendingbasedon appropriate risk management and/or financial methodology

  • Coordinatewith the appropriate entities in any lawful compliance reviews or investigations related to the security of electronic protected information and/or any information technology investigation

  • Overseeincidentresponseplanningincoordinationwithinthe Bank as well as the investigation of security breaches, and assists with disciplinary and legal matters associated with such breaches as necessary.

  • Establishsecurity awareness and training standards and oversees company-wide participation

  • Workwithoutsideconsultantsas appropriate for independent security audits, assessments, and intrusion and penetration testing

  • Develops,maintains, and publishes corporate-level information security standards, procedures, and guidelines, including compliance monitoring procedures; assists in resolving security policy issues and in implementing security procedures


Technical Competencies & Education

  • 10-15 years of IT and security leadership in a complex global financial services organization, with extensive knowledge of banking rules and regulators (FDIC, Federal Reserve, European regulatory experience is a plus)

  • Broadpracticaloperationalexperienceacross multiple IT and security disciplines within financial services, combining theory, past practical experience and the organizational business practices

  • Technicaldepthin threat management, vulnerability assessment, and red-teaming / blue-teaming is requiredto develop the Bank’s internal threat capabilities andresponseframework

  • Understandingof security architecture and engineering, with the ability to lead highly technical teams, serving as a leader/coach to help problem-solve when required

  • Depthin security analytics, using data to drive decision-making across the security and tech risk function; ideally has assessed and utilized innovative AI platforms to think-ahead on threat intelligence issues

  • Thoroughunderstandingof IT systems and security tools, including methods, procedures, equipment and software used for delivery

  • A track record of assessing threat environments from a business as well as a technical perspective, with the ability to develop and champion affordable, efficient and timely security solutions

  • Abilitytoassessand drive a comprehensive cyber resiliency and business continuity function that enables the Bank of prepare for potential events; this may include leading table-top exercises as well as education and awareness programs

  • Musthave a Bachelor's degree in Business, security systems, information technology management or related discipline; masters' Degree in Business or Technology is a plus

Leadership Competencies

  • Proponentof continuous improvement processes and the ability to challenge the status quo and serving as a change agent

  • Strategicleaderwhocandrivea vision for cyber security while maintaining an execution-oriented for driving results

  • Strongteammanagement and development skills, with the ability to coach and mentor an high- performing but relatively inexperienced team

  • Business-focusedexecutive,withfinancial acumen; ability to articulate cost-benefit analyses, manage budgets, and bring a business perspective to the IT risk function

  • Relationshipbuilder who can partner with internal auditors and global regulators (particularly in the United States and France) to drive appropriate governance, risk, and compliance frameworks and programs

  • Abilitytodriveimpactand change in a complex global environment, working successfully through a matrix structure; ability to navigate dual-reporting lines and collaborate with cyber, IT, and business leaders in various geographies and entities

  • Strongbusinessacumenandknowledgeof the best practices within the information security community and the ability to adapt and evolve these practices to the Bank’s needs

  • Abilitytotakeinitiativeandmakedecisionsunderpressure,inspiringteam members to challenge the status quo to improve processes

  • Articulateand credible with the board, executive management and other group colleagues, communicating a vision and reporting on the progress of security initiatives

  • Exceptionalcommunicationskillswith the ability to advise and influence senior management, the Board of Directors; ability to communicate information security related concepts to a broad range of technical and non-technical audiences

  • Strongprojectmanagement skills and the ability to coordinate, prioritize, and execute initiatives, as required

  • Strongbusinessacumen with a good understanding of business drivers with the ability to provide support for the executive team

  • Stronginfluencingskillsto getthingsdone;s/hemust have a collaborative approach with the ability to partner with cross-functional business leaders across the global enterprise

Equal Employment Opportunity Policy

Bank of the West is an Equal Opportunity employer and proud to provide equal employment opportunity to all job seekers without regard to any status protected by applicable law. Bank of the West is also an Affirmative Action employer - Minority / Female / Disabled / Veteran.

Bank of the West will consider for employment qualified applicants with criminal histories pursuant to the San Francisco Fair Chance Ordinance subject to the requirements of all state and federal laws and regulations.

Job: Security

Location: United States-Nebraska-Omaha

Requisition ID: 046331