- Company Name: Stearns Bank N.A.
- Job Title: Director of Information Security
- Job Description:
Job Title
Director of Information Security
Role Summary
Lead and evolve a bank‑level information security program, integrating enterprise risk management, regulatory compliance, infrastructure security, and third‑party oversight. Serve as chief security authority and primary liaison with regulatory bodies, external auditors, and risk committees.
Expectations
- 8–10 years of senior security leadership in a financial institution or large enterprise.
- Proven success designing and executing multi‑year security roadmaps aligned with business strategy.
- Deep understanding of regulatory frameworks (FFIEC, OCC, GLBA, PCI, NIST CSF, NIST 800‑53, NIST 800‑171).
- Demonstrated ability to manage threat detection, incident response, SOC oversight, and emerging threat intelligence.
- Experience leading vendor risk management, due diligence, and SVP/third‑party security oversight.
- Strong communication and influence skills to report to senior management and boards.
Key Responsibilities
- Develop and maintain the Information Security Program and security‑by‑design standards for network, cloud, endpoints, API, and AI integrations.
- Conduct annual enterprise risk assessments using NIST CSF 2.0 or equivalent, and produce risk‑based roadmaps.
- Lead SOC, threat detection and response, penetration testing, vulnerability, and patch management cycles.
- Chair the Vendor Management & Third‑Party Risk program, performing security due diligence, SOC 2 Type II review, and ongoing monitoring.
- Serve as primary liaison for OCC, FDIC, IT audits, and external examiners; ensure compliance with GLBA, FFIEC, PCI, SOC and state breach notification requirements.
- Oversee data governance: classification, DLP, encryption, MFA, password policy, and resilient data lifecycle management.
- Coordinate cyber‑resilience testing, tabletop exercises, and operational resilience integration.
Required Skills
- Leadership and program management in information security.
- Expertise in cybersecurity frameworks (NIST, NIST CSF, PCI‑DSS, FFIEC, NIST 800‑53/171).
- Strong incident response, threat intelligence, and SOC oversight.
- Knowledge of cloud, network, endpoint, API, IAM, AI security, and patch management best practices.
- Ability to assess and monitor third‑party risk, including fintech and API integrations.
- Strong regulatory awareness: OCC cyber supervision, FDIC, GLBA, PCI, SOC, CFPB, UDAAP, Section 1033.
- Excellent stakeholder communication and board‑level presentation skills.
Required Education & Certifications
- Bachelor’s degree in Computer Science, Information Security, or related field (advanced degree preferred).
- Certified Information Systems Security Professional (CISSP) mandatory.
- Preferred additional credentials: Certified Information Security Manager (CISM), Certified Risk and Information Systems Control (CRISC), Certified Ethical Hacker (CEH), or equivalent.