Chief Information Risk Officer

Texas Capital, Richardson, TX

About The Position

The Chief Information Risk Officer (CIRO) is responsible for the development, implementation, and management of the information risk strategy. Reporting to the Chief Risk Officer, the CIRO oversees and provides effective challenge to the first line of defense CISO organization and provides independent reporting to the Board of Directors for cybersecurity, data privacy, risk management, and regulatory compliance. The CIRO will work closely with other executive leaders to ensure information risk initiatives align with business goals while safeguarding the organization from internal and external threats.

Requirements

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or equivalent
  • 15+ years of related experience
  • Proven experience in a senior leadership role, ideally in a corporate or large-scale organization.
  • Extensive knowledge of information security principles, including risk management, threat analysis, security architecture, and incident response.
  • Strong understanding of regulatory requirements and compliance standards.
  • Excellent communication and leadership skills, with the ability to influence decision-making at the executive level.
  • Working knowledge and experience with key regulatory entities and related regulations, including the FDIC, FFIEC, CFPB, and FINRA.
  • Deep knowledge of banking regulations, including OCC supervisory expectations for technology and cybersecurity risk.
  • Demonstrated expertise in GLBA, SOX, and PCI-DSS compliance requirements and their operational implications.
  • Proficiency applying the NIST Cybersecurity Framework to enterprise risk management programs.
  • Experience managing regulatory examinations and responding to findings across multiple frameworks simultaneously.

Nice To Haves

  • Master's degree in a relevant discipline preferred
  • Experience in the finance and banking industry is preferred
  • Relevant certifications such as CISSP, CISM, or CISA are preferred.

Responsibilities

  • Develop and implement a comprehensive information risk strategy and written information security program that includes information and cyber security.
  • Collaborate with executive leadership to align information risk goals with the organization’s strategic objectives.
  • Report key risks and metrics to the Board of Directors and the Enterprise Risk Committee.
  • Oversee and challenge the first line implementation of cybersecurity policies, procedures, cloud security posture and technologies.
  • Provide independent and effective challenge to first line of defense cyber security to ensure the protection of IT infrastructure, networks, and sensitive data from cyber threats, breaches, and attacks.
  • Manage the identification, monitoring, and response to potential security incidents.
  • Identify and assess security risks, vulnerabilities, and potential threats across the organization.
  • Ensure compliance with relevant laws, regulations, and industry standards.
  • Develop audit processes and oversee external audits or assessments.
  • Deliver annual assessments of the information security program and maturity rating.
  • Assess and challenge the use of artificial intelligence (AI) and machine learning technologies within the organization, ensuring appropriate security controls, bias mitigation, and compliance with emerging AI regulations.
  • Monitor and respond to AI-driven security threats, including adversarial AI attacks, deepfake fraud, and automated phishing campaigns, developing policies and countermeasures to protect the organization against evolving AI-enabled risks.
  • Develop and implement plans for incident management, disaster recovery, and business continuity in the event of security breaches.
  • Lead initiatives to protect personal, customer, and organizational data.
  • Implement strategies to mitigate risks related to data breaches and unauthorized access to sensitive information.
  • Design and implement security awareness programs for employees, including training on recognizing potential threats (e.g., phishing, social engineering).
  • Foster a culture of security within the organization to encourage proactive risk management behaviors.
  • Lead the organization’s response to security incidents, ensuring timely and effective resolution.
  • Develop and maintain crisis management protocols, including communication strategies with internal and external stakeholders.
  • Identify and evaluate new technologies, tools, and services that can enhance the organization’s risk posture.

Benefits

  • health insurance coverage
  • wellness program
  • fertility and family building aids
  • life and disability insurance
  • retirement savings plans with a generous 401K match
  • paid leave programs
  • paid holidays
  • paid time off (PTO)