Cyber Resilience Officer
At Bank of the West, our people are having a positive impact on the world. We’re investing where we feel we can make the most impact, like advancing diversity and women entrepreneurship programs, financing for more small businesses, and promoting programs for sustainable energy. From our locations across the U.S., Bank of the West is taking action to help protect the planet, improve people’s lives, and strengthen communities. We are part of BNP Paribas, a global leader supporting the UN Sustainable Development Goals (SDGs). Yes, we’re a bank, but as the bank for a changing world, we are continually seeking to improve the ways we help our customers, while contributing to more sustainable and equitable growth.
We are currently seeking qualified talent to be responsible for leading and managing Security Cyber Resilience initiatives. Scope of initiatives may include optimizing processes, conducting risk assessments, managing the strategic security awareness and training program, managing compliance and regulatory efforts, or providing leadership in emerging solutions. The role includes management and oversight of the development of project plans and business requirements to support cybersecurity resilience objectives, and is responsible for managing to deadlines and providing thought leadership to team members on assigned tasks.
This role is responsible for the creation, standardization, documentation, and execution of strategic plans and frameworks related to the Bank of the West Cyber Resilience Program. Through partnership with other corporate incident management and resilience teams, this person will ensure cybersecurity-related events are coordinated and lead the execution of cyber resilience exercises. This role will also assist in the development of presentations, proposals, reports, and metrics on the Bank of the West’s Cyber Resilience readiness. The role will assist in the maintenance of Enterprise Information Security's own BC/DR plans.
- Manages the appropriate artifacts throughout the initiative lifecycle of Corporate Security’s efforts.
- Responsible for ensuring work effort dependencies, assumptions, risks and issues are defined, documented and communicated to the appropriate lead and/or stakeholder.
- Leads risk assessments to identify risks to security and business resiliency controls. Documents overall effectiveness of operational controls within the Bank and/or Third Party Providers.
- Leads and documents onsite security assessments of the Bank's and/or Third Party Providers' selected locations.
- Reviews internal and external security and technical test reports (audit, vulnerability and penetration test results, business resiliency Plans, etc.) to validate the effectiveness of operational controls.
- Leads and oversees the coordination, development, management, and maintenance of reports presented to Management.
- Leads the assessment process and/or security initiatives from communication, approval and report distribution to key stakeholders, business units and Management.
- Leads the communication between business units, department leaders, executive leaders, and committees to ensure proper approvals and submission of reports and supporting documents.
- Assists in identifying security processes through the identification and assessment of emerging risks, corporate and regulatory standards, and comparison of the Bank’s and Industry regulatory requirements, policies, standards and best practices.
- May lead and advise in the development of analytics, operational procedures, reporting, financial analysis, and/or strategic planning activities.
- Researches industry trends, regulations, standards, compliance requirements, and best practices. Keeps abreast of all industry trends and emerging cybersecurity threats.
- Bachelor's Degree in Business, Computer Science, Information Assurance, Management Information Systems or related field
- Exceptional written and verbal communication skills for report writing, business requirement proposals, technical policies, and methodology documentation.
- Sound interpersonal, negotiation, and influencing skills; ability to facilitate discussions around complex issues and bring them to resolution
- Excellent analytical and problem-solving skills coupled with thoroughness and attention to detail are highly desired.
- Solid understanding of industry practices and metric reporting fundamentals.
- Ability to adjust to rapidly changing security environment, prioritize deliverables and manage workflow.
- Ability to exercise sound judgment and make effective recommendations to management
- Excellent ability to optimize and condense information and transform data into easily understandable concepts.
- Solid understanding of financial industry, risk management, and/or corporate security.
- Training in Risk Management or IT Audit Methodology strongly desired
- Solid technical skills in MS Excel, PowerPoint, Word, and Project. Experience with analytics tools such as SQL and Tableau preferred.
- Solid knowledge and understanding of various cybersecurity areas, such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, IT Architecture, Monitoring, Incident Response and Security Strategy, Physical Security and/or Business Resiliency.
- Expert knowledge of security controls for the handling of Personally Identifiable Information (PII) data, regulations and security compliance requirements affecting financial institutions (FFIEC/GLBA)
- Knowledgeable on assessment frameworks/standards (i.e. ISO/27000 Series, BITS SIG/SAS-70/SSAE-16, COBIT/SOX IT Control Testing, NIST, PCI-DSS)
Equal Employment Opportunity Policy
Bank of the West is an Equal Opportunity employer and proud to provide equal employment opportunity to all job seekers without regard to any status protected by applicable law. Bank of the West is also an Affirmative Action employer - Minority / Female / Disabled / Veteran.
Bank of the West will consider for employment qualified applicants with criminal histories pursuant to the San Francisco Fair Chance Ordinance subject to the requirements of all state and federal laws and regulations.