Job Specifications
At Stearns Bank, we’re helping people, entrepreneurs, small businesses, and local communities nationwide reach their full financial potential. Sound like something you want to be a part of? If so, we’re currently looking for a Director of Information Security. This is a connected mobile role.
Come see how we’re doing business unusual and charting our own path to reimagine a more inclusive financial services and banking ecosystem for all.
BENEFITS: https://www.stearnsbank.com/about/careers-benefits
For this position, we anticipate an annual salary range between $120,000 - $190,000. Final employment offers will be dependent upon the selected candidate’s relevant qualifications and experience.
JOB SUMMARY: The Director of Information Security is the Bank’s designated Information Security Officer, and is responsible for leading and evolving Stearns Bank’s enterprise information security, technology risk and infrastructure security strategy.
PRIMARY RESPONSIBILITIES
Enterprise Security Strategy & Governance
Lead and continuously evolve the Bank’s Information Security Program aligned with 12 CFR Part 30, Appendix B, the FFIEC Information Security Booklet, the OCC Cybersecurity Supervision Work Program, NIST CSF, and regulatory guidance.
Conduct or direct the annual enterprise-wide IT risk assessment using NIST CSF 2.0, the CRI Profile, or equivalent framework, identifying threats, vulnerabilities, and risk levels for all information assets.
Develop and execute a multi-year enterprise security roadmap aligned with business strategy and modernization initiatives.
Manage the cybersecurity self-assessment process using the Bank’s selected framework, the Cyber Risk Institute Framework, ensuring findings are documented, tracked, and reported to the Board.
Infrastructure & Architecture Security Alignment
Ensure security-by-design across: Network architecture, Cloud platforms, Endpoint management, API security architecture, Identity & access management, Core banking and fintech integrations, Artificial Intelligence (AI) integrations
Establish secure architecture standards for hardware, networking, segmentation, encryption and endpoint detection.
Oversee the vulnerability management and patch management lifecycle, monitoring remediation timelines against risk-based SLAs and escalating deficiencies to senior management.
Cybersecurity Operations & Emerging Threat Management
Oversee: Threat detection and response, Incident response program, Penetration testing and vulnerability management, SOC oversight, AI-driven risks and geopolitical threat activity.
Lead incident response coordination and regulatory notification processes when required.
Third-Party & Technology Risk Oversight
Lead and chair the Vendor Management and Third-Party Risk program.
Conduct information security due diligence on all prospective fintech partnerships during the planning and selection stages of the third-party risk management lifecycle.
Review and evaluate SOC 2 Type 2 reports, penetration test results, vulnerability assessments, and BCP/DR documentation for all third-parties (including fintech partners) at least annually, or more frequently for critical relationships.
Monitor fintech partner compliance with the Bank’s information security requirements on an ongoing basis, including incident notification obligations under contractual SLAs.
Assess security architecture of API integrations.
Coordinate with critical third-party service providers to assess their BCP/DR capabilities and resilience, including review of TSP continuity testing results.
Regulatory & Audit Leadership
Serve as primary security liaison for IT Audits, OCC, FDIC, and external examiners.
Maintain compliance with GLBA, FFIEC IT Handbook, NIST, PCI and SOC reporting standards.
Ensure compliance with notification requirements of all relevant regulatory agencies and documented decision criteria for determining when a “notification incident” has occurred.
Maintain the Bank’s state breach notification matrix and coordinate customer notification processes in compliance with applicable state laws for each jurisdiction where affected customers reside.
Data Protection & Modern Governance
Oversee: Data classification standards, Data Loss Prevention (DLP), Encryption standards, Secure data lifecycle management
Align information security with enterprise data governance initiatives.
Monitor the CFPB’s evolving data security enforcement posture and ensure the Bank maintains multi-factor authentication, adequate password management, and timely patching to mitigate UDAAP exposure.
Track developments in the Section 1033 Personal Financial Data Rights rulemaking and assess implications for the Bank’s data-sharing security controls, API standards, and authorized third-party oversight.
Business Continuity & Operational Resilience
Ensure cyber resilience testing and tabletop exercises are conducted regularly.
Integrate operational resilience planning into infrastructure modernization.
About the Company
Stearns Bank National Association is a majority women-owned and governed financial services institution committed to empowering people, entrepreneurs, small businesses, and local communities to reach their full financial potential. As a privately held, employee-owned entity, Stearns Bank offers a wide array of national products and services including consumer and small business banking, affordable housing financing, USDA and SBA lending, and equipment and small business financing. Headquartered in Minnesota, Stearns Bank has...