Chief Information Security Officer - Sugar Land or Lubbock - Prosperity Bank

    Job Description

    POSITION PURPOSE
    Information Security is essential to what we do, from protecting our customers to our associates to our intellectual property.

    The Chief Information Security Officer is accountable for leading our Information Security Team and overseeing the Information Security Program and its continued improvement.


    The Chief Information Security Officer will enable the business in security and risk management and will (1) lead the team to manage exceptions, and document alignment of both requirement drivers and adherence monitoring processes related to policy; (2) work on the cutting edge of security and technology and address new risks; (3) collaborate and innovate with other groups within Prosperity Bank to continue to mature the Bank's Information Security Program.


    ESSENTIAL FUNCTIONS AND BASIC DUTIES
    Leading and directing the Information Security organization
    Establishing a strategy for ensuring the Bank's security posture in alignment with corporate strategy and objectives
    Coordinating security-related activities with key stakeholders, including Information Technology, Data Governance, and business functions
    Aligning policies and procedures to laws, regulations, guidance, best practices, industry standards, and internal risk requirements
    Leading projects on security policy emphasizing the identification, understanding, and socialization of new risks
    Measuring and reporting on the Bank's cybersecurity position and level of compliance with stated security policy standards
    Approving and tracking security policy exceptions and tracking policy violations
    Approving requests for changes in the Bank's technology environment having a cybersecurity impact
    Defining and refining security policy requirements to address the risks presented by new and emerging technologies
    Consulting on information security policy compliance for unique issues
    Assessing and reporting to senior management and directors on information security risk across the enterprise
    Overseeing the incident response plan and directing incident response activities
    Remaining current on developments in the cyber-security industry, including security alerts, bugs, zero-day issues, vulnerabilities, viruses and malware, and providing evaluation and recommendations depending on their potential impact
    Managing the use and reporting of outputs of designated internal security systems
    Directing security activities and assessments with key third-party security partners and developing the responses, the remediation, and ongoing adherence from those reports
    Establishing and maintaining the business plan and budget for program activities
    Interacting with exam and audit personnel, responding to requests for information, and addressing noted findings
    Working closely with the project management and vendor management teams in providing timely security reviews and assessments to potential technologies being considered by the organization
    Providing security awareness training for the employees and Boards of Directors
    Serving on various technology and risk committees
    Other duties as assigned

    The above statements describe the general nature and level of work only. They are not an exhaustive list of all required responsibilities, duties, and skills. Other duties may be added, or this job description amended at any time.

    SUPERVISORY RESPONSIBILITIES:
    Lead and manage team through training, developing, and coaching associates on a consistent basis
    Encourage others to set challenging goals and high standards of performance
    Inspire associates to define new opportunities and continuously improve the organization
    Celebrate and reward significant achievements of associates
    Present logical and persuasive case for proposals and positions
    Assist team in addressing their individual strengths and development needs


    EDUCATION/CERTIFICATION:
    Bachelor's degree in Computer Information Sciences, Information Technology, Engineering or a related technical field; or

    Associates GSEC, SSCP, CISSP certification is preferred
    RSA Security Analytics – Preferred

    EXPERIENCE REQUIRED:
    7+ years of practical IS/IT work experience in financial services with direct knowledge surrounding enterprise security technologies such as SIEM, firewalls, VPN, IPS/IDS, content filters, AV, and similar
    Experience utilizing common frameworks including FFIEC, NIST, ISO
    5+ years' experience in a management capacity with experience working with business leaders in collaborating on technology and security items
    5+ years technical experience in skills including Vendor Management, Information Security, IS Program Management, and/or Security Vendor Management
    Experience with managing small focused teams

    KNOWLEDGE REQUIRED:
    Knowledge of IS areas, such as authentication, encryption, logging, monitoring, vulnerability management and assessment
    Demonstrated ability to integrate business needs and exceptional customer service with that of maintaining a strong security framework

    SKILLS/ABILITIES:
    Excellent written and oral English communication and presentation skills
    Ability to discuss security topics with non-technical audiences
    Willingness to work beyond standard business hours when necessary
    Ability to keep multiple concurrent tasks and projects moving forward
    Possess strong analytical and troubleshooting skills
    Preferred additional skills
    Technical experience with a minimum of four years' experience in one or more of the following: computer network penetration testing and techniques; computer evidence seizure, computer forensic analysis, and data recovery; computer intrusion analysis and incident response; intrusion detection; computer network surveillance/monitoring; network protocols, network devices, multiple operating systems, and secure architectures.
    Ability to obtain a security clearance.

    Applicable Certifications:
    CISSP, GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA)

    Monday-Friday: 8:00am-5:00pm