SVP, Security Risk and Assurance

Overview

Join to apply for the SVP, Security Risk and Assurance role at Banc of California
.

Responsible for overseeing all aspects of information security programs/projects, information security & technology risk assessments, vendor security reviews, and information security reporting. Performs all duties in accordance with the Company’s policies and procedures, and applicable laws and regulations.

• Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information security goals and objectives to reduce overall organizational risk. Forecast ongoing service demands and ensure that security assumptions are reviewed as necessary. Advise senior management on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
• Provide continuous monitoring of the security landscape so that possible security threats are identified and actioned appropriately. Supervise or manage the governance, risk and compliance function for protective, preventative or corrective measures when a cybersecurity incident or vulnerability is discovered.
• Collect and maintain data needed to meet system cybersecurity reporting. Advise senior management on risk levels and security posture. Advise appropriate senior leadership of changes affecting the organization's cybersecurity posture.
• Establish enterprise information security architecture (EISA) with the organization’s overall security strategy. Ensure protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture. Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
• Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection. Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.
• Define and/or implement policies and procedures to ensure protection of critical infrastructure. Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
• Work closely with client executives and management teams to understand their businesses and assist in identifying and managing financial and operational risks within their business systems to ensure technology risks are managed. Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
  
  Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
• Review business processes and controls against industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to business clients. Oversee the development of business continuity programs and the execution of internal control assessments in the areas of IT strategy and governance; IT operations, business continuity and disaster recovery; cybersecurity; third party risk; ITGC and application controls; SOC reporting;
  
  regulatory and compliance requirements.
• Oversee information security risk assessments and track self-identified and Internal Audit findings to ensure that appropriate mitigation actions are taken. Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment. Ensure that security improvement actions are evaluated, validated, and implemented as required. Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; promotes a harassment-free working environment. Follows policies and procedures; completes tasks correctly and on time; supports…