Chief Information Security Officer

Job Summary

The Chief Information Security Officer is responsible for establishing and maintaining the enterprise’s vision, strategy, and risk management program to ensure information assets and technologies are adequately protected. This role will align data management, cybersecurity, and advanced technologies toward the goal of enhancing banking services and securing customer trust in the digital era.

The Chief Information Security Officer will drive the use of data as a strategic asset while ensuring that all information systems and processes meet rigorous security and compliance standards. This role includes overseeing the organization’s incident response protocol and leading incident response efforts as they are needed.

Key Responsibilities / Essential Functions

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Develop and Implement Strategy
  • Lead the development and execution of the company’s security vision, strategy, and program to safeguard critical business assets.
  • Partner with the Chief Technology Officer and Director of Digital Strategy to align cybersecurity initiatives with the organization’s business goals, regulatory requirements, technology strategy and innovation roadmap.
  • Develop and maintain a data protection/governance program to ensure data remains confidential, available and accurate. This includes developing strategies to catalog and protect data from unauthorized from external and internal access.
  • Develop and maintain the company’s Incident Response Plan and Business Continuity Plan.
  • Collaborate and partner with the Enterprise Data team on the collection, management, and utilization of data to improve operational efficiencies and enhance decision-making.

• Risk Management
  • Coordinate with technology and business lines to assess, implement, and monitor IT-related security risks.
  • Oversee the identification, assessment, and management of cybersecurity risks to prepare the bank for evolving cybersecurity threats.
  • Provide actionable insights to management and the board based on internal data, and emerging risks in the industry.
  • Identify, develop and implement information security policies, standards, procedures and guidelines.
  • Serve as the incident response leader for the bank. Pro-actively prepare for, respond to and mitigate data breaches, cyber threats, and other business continuity related incidents, conducting post-mortems and implementing corrective actions.
  • Oversee the creation of disaster recovery and business continuity plans to maintain critical operations in the event of a cyber-attack or other disaster affecting operations.
  • Lead annual table-tab exercises to evaluate the bank’s incident response preparedness.
  • Prepare ongoing cyber health reporting for the executive team and board of directors.

• Leadership and Team Management
  • Act as a trusted advisor to the CEO, Board of Directors, and executive leadership team regarding data and cyber security strategies.
  • Provide leadership of assigned team, lead efforts in recruitment, interviewing, and training employees, plan, assign, and direct departmental work.
  • Coordinate interdepartmental goals to ensure alignment with company goals and vision.
  • Coach and provide ongoing performance feedback to employees, set realistic and measurable performance goals and ensure employees have appropriate professional development opportunities.   Effectively manage performance and assist employees to meet established company standards and expectations.
  • Foster partnerships with fintech companies, regulators, and technology providers to expand the bank’s capabilities in emerging technologies. 

• Compliance and Audit
  • Ensure compliance with industry-specific regulations and international standards for cybersecurity.
  • Serve as the main point of contact for internal and external information security audits and manage the mitigation of findings or gaps.

• Cybersecurity Awareness
  • Oversee the development and implementation of security awareness training programs.
  • Promote a security-first culture within the organization.

• Vendor and Third-Party Management
  • Maintain processes for performance monitoring of third-party technology vendors and partners to verify the use of appropriate security protocols.
  • Assess and monitor the security posture of third-party relationships.

• Maintain confidentiality and security of sensitive information. 
• Adhere to all corporate policies and procedures, Federal and State regulations and laws.
• Complete all mandatory annual compliance training.Follow regulatory requirements including those pertaining to the Bank Secrecy Act (BSA), Anti-Money Laundering (AML), Customer Identification Program (CIP), and OFAC to assist in the identification, detection, and determent of money laundering and other unlawful activities, as well as regulations pertaining to lending and consumer compliance to include fair lending laws. Perform other duties and special projects as assigned.

Job Requirements

Education:

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field. 

Required:

• 7 years experience in information security, with proven experience in a leadership or managerial role.
• Expertise in threat analysis, vulnerability management, and incident response.
• Experience with compliance standards like GDPR, and PCI-DSS, etc…
• Demonstrated ability to work across large, complex organizations to achieve results
• Excellent leadership, communication, and project management skills.
• Proficient in Microsoft Office products. 

Preferred:

• Experience in Financial Services
• Certifications such as CISSP, CISM, or CISA

About HomeTrust Bank

HomeTrust Bank, founded in 1926, is a North Carolina chartered, community-focused financial institution committed to providing value-added community banking through online/mobile channels and multiple locations in Virginia, North Carolina, South Carolina, and Tennessee. Learn more at www.htb.com. Apply today to take your first steps towards joining this talented population of employees within a growing organization. 

Work Environment, Physical Requirements  

The physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job.  HomeTrust Bank promotes an equal employment opportunity workplace which includes reasonable accommodation of qualified applicants and employees.

• This job operates in a professional office environment and routinely uses standard office equipment such as computers, phones, photocopiers, and fax machines.
• Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus.
• Physical activity requiring reaching, sifting, lifting to 25 lbs., finger dexterity, grasping, feeling, repetitive motions, talking and hearing are required.
• The employee will frequently communicate and must be able to exchange accurate information with others.
• The employee may need to move around their office to attend meetings and to access files, machinery, or other job-related tools.

DISCLAIMER:  HomeTrust Bank is an evolving company.  As such this job description is not necessarily an exhaustive list of all responsibilities, duties, skills, efforts, requirements or working conditions associated with the job.  While this is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require that other or different tasks be performed as assigned.

HomeTrust Bank values and promotes diversity and inclusion in every aspect of our business and at every level within the company. We recruit, hire, and promote employees based on their individual ability and experience and in accordance with Affirmative Action and Equal Employment Opportunity laws and regulations. Our policy is that we do not discriminate on the basis of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, pregnancy, marital status, status as a protected veteran, or any other status protected by federal, state, or local law.