Affirm

Director, Information Technology & Security

other | full-time | Remote US
SALARY: Not listed
WORK TYPE: remote
JOB TYPE: full-time
INDUSTRY: fintech

About the role

What You'll Do

1. Information Security Program Development

  • Design, implement, and maintain a comprehensive Information Security Program consistent with FDIC guidance (e.g., FIL-66-2019, FIL-13-2021) and the Interagency Guidelines Establishing Information Security Standards.
  • Develop and oversee policies, standards, and procedures governing cybersecurity, data protection, and incident response.
  • Ensure alignment with the Bank’s overall risk management and governance frameworks.
  • Provide regular reporting to executive management and the Board on the Bank’s security posture, emerging risks, and mitigation efforts.

2. Cybersecurity and Threat Management

  • Establish and manage a threat monitoring and detection capability to identify, assess, and respond to cybersecurity risks.
  • Oversee implementation of layered security controls (e.g., network segmentation, encryption, access controls, endpoint protection, vulnerability management).
  • Lead the Bank’s Incident Response Program, ensuring timely escalation and coordination with regulators when required.
  • Maintain relationships with information-sharing groups (e.g., FS-ISAC) and law enforcement to stay informed of emerging threats.

3. Third-Party and Affiliate Risk Oversight

  • Evaluate the information security posture of third-party and affiliate service providers in accordance with the Bank’s Vendor Management Program and FDIC third-party risk guidance.
  • Establish due diligence, ongoing monitoring, and contractual requirements for vendors handling sensitive data or performing critical services.
  • Coordinate with Operations, Compliance, and Internal Audit to ensure third-party risks are identified, assessed, and mitigated.

4. Data Governance and Privacy Protection

  • Ensure compliance with applicable privacy and data protection requirements (e.g., GLBA, Regulation P, state privacy laws).
  • Implement processes to safeguard customer information and prevent unauthorized access, disclosure, or misuse.
  • Partner with business and technology teams to integrate privacy-by-design principles into new products and services.

5. Business Continuity and Resilience

  • Lead development and testing of the Bank’s Business Continuity and Disaster Recovery (BC/DR) plans, ensuring they are integrated with information security objectives.
  • Coordinate regular testing and simulations to validate readiness for cyber incidents and system disruptions.
  • Support resilience planning for key systems, vendors, and communication protocols.

6. De Novo and Pre-Opening Readiness

  • Build and document the Bank’s information security program to meet regulatory requirements prior to launch.