SVP Chief Information Security Officer

Description

Who We Are & What We Do:

If you’re looking for an exciting career opportunity, you’re in the right place. Santa Cruz County Bank is a top-rated community bank with a focus on serving the banking needs of businesses and individuals along the Central Coast, in Silicon Valley and throughout the Bay Area. We engage in impactful volunteering and support the greater economic vitality within our four-county reach. Our success is due to our amazing team of exceptional, experienced, knowledgeable and success-oriented employees.

We’ve been recognized with numerous community leadership awards and our team gives 2000 hours of volunteer service each year.

A few honors we’ve received locally include:

• Good Times Best of Santa Cruz – Best Bank, 12 consecutive years
• Santa Cruz Sentinel Readers’ Choice – #1 Best Bank, 9 years
• Santa Cruz County Chamber of Commerce – Business of the Year 2018 and 2021
• Press Banner’s Best of Scotts Valley – Best Bank
• Register Pajaronian’s Best of Pajaro Valley – Best Bank
• Second Harvest Food Bank – Big Step and Platinum Awards for Holiday Food and Fund Drive
• Farm Bureau of Santa Cruz County and Agri-Culture – Al Smith Friend of Agriculture Award

Position Summary

The Chief Information Security Officer (CISO) is responsible for developing, implementing, executing and managing the Bank's cyber and information security strategy to protect assets, customer data, and regulatory compliance. The CISO will oversee cybersecurity operations, policies, and risk assessments while collaborating with IT and business leaders to ensure the security of the Bank's infrastructure. The CISO safeguards information by ensuring that security risks are identified, assessed and accurately reported, as well as, promoting a strong security culture within the organization . The role requires a deep understanding of emerging cyber threats, compliance requirements, and security technologies. The CISO will also manage the Bank’s Security Operations Center (SOC) and coordinate with Managed Detection and Response (MDR) and Security Information and Event Management (SIEM) vendors. 

This position is available in the following locations: Scotts Valley, Santa Cruz and Watsonville.

Requirements

Kay Responsibilities: 

Security Strategy & Leadership

• Develop, implement, and oversee a comprehensive enterprise cyber and security strategy.
• Align security initiatives with business goals while ensuring regulatory compliance.
• Establish, communicate, and enforce security policies and best practices across the Bank.
• Advise senior leadership and the board on cybersecurity risks, threats, and mitigation strategies.

Cybersecurity Operations & Threat Management

• Lead the Bank’s 24x7 SOC, MDR, and SIEM teams to monitor, detect, and respond to cyber threats.
• Oversee the management of firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security, and data encryption.
• Conduct regular security assessments, penetration testing, and vulnerability management.
• Develop and implement incident response plans and lead investigations into security breaches.

Regulatory Compliance & Risk Management

• Ensure compliance with FFIEC, FDIC,DFPI,  PCI-DSS, GDPR, and other relevant regulations.
• Conduct risk assessments and security audits to identify vulnerabilities and ensure proper controls.
• Work closely with the Chief Risk Officer (CRO) to integrate cybersecurity risk into enterprise risk management.
• Maintain policies and procedures for third-party risk management and vendor security evaluations.

Business Continuity & Disaster Recovery

• Develop and maintain cybersecurity aspects of the bank’s business continuity and disaster recovery plans.
• Participate in disaster recovery drills and ensure rapid recovery of critical systems during incidents.
• Ensure resilience against ransomware, data breaches, and other cyber threats.

Physical Security

• Work with facilities management to assess and improve physical security protocols.
• Oversee the physical security of Bank facilities, including alarms, DVRs, access controls, and surveillance systems. 
• Ensure the integration of physical and cybersecurity measures to protect Bank assets and personnel.

Cybersecurity Training & Customer Education

• Develop and implement cybersecurity awareness training programs for employees to enhance security culture.
• Educate customers on best practices for online banking security, phishing prevention, and fraud protection.
• Conduct regular security workshops, phishing simulations, and awareness campaigns.

Collaboration & Stakeholder Engagement

• Work closely with IT, legal, compliance, and business teams to implement security controls and to ensure security controls are operating effectively.
• Partner with law enforcement, industry groups, and cybersecurity organizations to stay ahead of threats.
• Lead employee security awareness training programs to foster a security-first culture.

Supervisory Responsibilities

• Manage information security staff.
• Oversee vendor relationships related to managed security services, security assessments, and technology solutions.
• Provide mentorship and development opportunities to security personnel.

Qualifications & Requirements:

• Education: Bachelor’s degree in Information Security, Computer Science, or related field (Master’s degree preferred).
• Experience: Minimum of 10 years in cybersecurity, with at least 5 years in a senior leadership role within financial services.

Certifications:      

• Certified Information Systems Security Professional (CISSP) – Required
• Certified Information Security Manager (CISM) – Preferred
• Certified Information Systems Auditor (CISA) – Preferred

Technical Expertise: 

• Strong knowledge of security frameworks (NIST, ISO 27001, CIS Controls).
• Experience with firewall management, endpoint detection & response (EDR), and SIEM tools.
• Proficiency in regulatory compliance for financial institutions.
• Incident response, forensic investigation, and threat intelligence expertise.

Soft Skills: 

• Strong leadership and strategic planning capabilities.
• Excellent communication and ability to convey complex security topics to non-technical audiences.
• Collaborative mindset with a proactive approach to risk management.

Additional Considerations:

• Must be able to obtain and maintain security clearances and certifications as required by the Bank.
• Occasional travel to branch locations and industry conferences.
• Participation in executive leadership meetings and board presentations.
• Must be willing to work on-site with occasional travel to branch locations.
• Participation in on-call rotation for critical network incidents.
• Ability to obtain and maintain necessary security clearances and certifications as required by the Bank.

Benefits:

• Medical, dental, and vision plans
• Vacation, sick leave, paid holidays
• Paid volunteer time
• Employer paid life insurance, long term and short term disability
• 401(k) with employer matching
• Ongoing training, professional development and career advancement opportunities

Physical Demands:

The physical demands described here are representative of those that must be met by a teammate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• While performing the duties of this job, the employee may be regularly required to stand, sit, talk, hear, reach, stoop, kneel, and use hands and fingers to operate typical office equipment such as a computer, telephone, mouse and keyboard.
• Specific vision abilities required by this job include close vision requirements due to computer work.
• Light to moderate lifting may be required.
• Regular, predictable attendance is required; including the occasional evening and weekend work as business demands dictate.
• Travel between company locations as needed.

Work Environment

The work environment characteristics described here are representative of those a teammate encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Moderate noise (i.e., business office with computers, phone, and printers, moderate traffic).
• Ability to work in a confined area.
• Ability to sit or stand at a computer terminal for an extended period.

Salary : $150,000 - $175,000