Head of Data Security - Director

About The Position

Requirements

• Bachelor’s degree in information security, Computer Science, or a related field.
• 10+ years of experience in information security, data protection, or a related field, with at least 5 years in a leadership role within a regulated financial institution.
• In-depth knowledge of data security standards, best practices, and regulatory requirements, particularly within the financial services sector.
• Proven track record of developing and implementing enterprise-wide strategies.
• Technical knowledge and hands-on experience with leading data security posture management tools such as Varonis (for data security and insider threat protection), and database encryption technologies, etc.
• Experience with risk management, incident response, and data governance.
• Demonstrated ability to lead and manage a team, with excellent interpersonal and communication skills.
• Translates technical concepts into plain language to articulate business risks and suggests appropriate solutions.
• Ability to plan, coordinate, and support security, technology and business needs in a fast-paced, rapidly changing environment at a strategic level.
• Strong problem solving and analytical skills, with a proactive and results oriented approach to security.
• Experience working in a highly regulated environment such as financial services.

Nice To Haves

• Relevant certifications such as CISSP, CISM, CIPP, or equivalent are strongly preferred.

Responsibilities

• Design and lead the overall strategy for data security, aligning it with SMBC’s business objectives and regulatory requirements.
• Evolve data security policies and procedures, ensuring alignment with regulatory standards (e.g., NYDFS Cybersecurity Regulation, GDPR, CCPA).
• Establish, lead and continuously evolve an operational function to manage the day-to-day ensuring a healthy data security posture. This includes overseeing the ongoing monitoring, management, and support of security processes, tools, and systems.
• Identify, assess, and mitigate risks related to data security. Oversee risk assessments and security audits to ensure ongoing compliance and protection.
• Manage, evolve and implement advanced security technologies and tools to enhance SMBC’s data security capabilities.
• Oversee the deployment and management of encryption technologies to secure sensitive data at rest, in transit, and in use. Ensure encryption policies are effectively implemented across the organization.
• Establish and maintain robust data governance frameworks, ensuring the proper classification, handling, and protection of sensitive information across the organization.
• Ensure compliance with all applicable laws and regulations, including those specific to the financial services industry. Liaise with auditors and other stakeholders, as needed.
• Work closely with other departments, including Data Governance, Data Privacy, IT, legal, compliance, and risk management, to ensure an aligned approach to data security.
• Lead, mentor, and develop a high-performing team of data security professionals. Foster a culture of security awareness across the organization through training and awareness campaigns.