• Chief Privacy & Information Risk Officer

    Umpqua Bank (Lake Oswego, OR)


    Chief Privacy & Information Risk Officer

     

    Corporate Risk

     

    Tacoma,

    Washington

     

    Lake Oswego,

    Oregon

     

    Spokane,

    Washington

    Description

    About Us:

    At Umpqua, we create a great place to work by offering a unique brand of relationship banking and fostering a culture where associates thrive. We are dedicated to supporting our customers and communities, and we can only achieve this through the dedication of our employees.

     

    We value Trust, Ownership, Growth, Empathy, Teamwork, Heart, Enjoyment, and Relationships, and we are eager to meet candidates who embody these core values. We are always on the lookout for results-focused individuals who can think independently, work collaboratively, and support our broader purpose.

     

    Think of us as financial partners, because at Umpqua, we believe the best way forward is together. Together for people. Together for business. Together for better.

    About the Role:

    Provides oversight, governance, and effective challenge over the information security program and technology environment. Develops and maintains an enterprise-wide risk management program that will record, measure, and manage risk across the Bank and ensure that strategic priorities align with risk. Ensure the effective operation of key controls through monitoring and validation activities, to ensure the Bank is performing within risk tolerances and in line with regulatory and legal requirements (GLBA, FFIEC). Responsible for the Privacy program and second line governance of the data management program at the Bank.

     

    + Govern, oversee, and provide effective challenge over the Bank’s Information Security program and related processes and technology.

    + Oversee the design and implementation of the enterprise wide Information Security and technology risk assessment, including the identification and classification information assets, recording and tracking the threats or vulnerabilities that could negatively affect those assets, assessing the inherent risk associated with threats and vulnerabilities, identifying key controls that mitigate the inherent risk, concluding on the residual level of risk and whether it is acceptable, and obtaining and maintaining a risk acceptance with an appropriate level of approval.

    + Monitor and validate the effectiveness of controls across the bank’s environment to ensure information and technology risk is being managed within the Bank’s risk appetite statement.

    + Develop and maintain Policies and Standards that establish requirements for technology, controls, and associate behavior within the Bank’s processes and technology environment.

    + Direct the development and ongoing maintenance of analytics and metrics for executive management and the Board of Directors as well asrisk basedinformation to support risk informed decision making within operational areas of the Bank.

    + Direct the development, implementation, maintenance of an enterprise wide Privacy Program that includes: Managing and successfully implementing privacy compliance projects including California Consumer Privacy Act; Developing a privacy policy andprivacy standards to ensure adherence to applicable privacy laws and regulations; Building or providing guidance and consultation on appropriate governance, oversight and monitoring of privacy compliance throughout the enterprise; and creating effective privacy compliance training for associates.

    + Provide sound and effective privacy compliance advice relative to strategic initiatives, regulatory changes, policy and procedure reviews, process changes, new or changing products or services, and other initiatives, serving as a privacy expert on committees and working groups to articulate privacy requirements in large, enterprise-wide initiatives

    + Lead a team of information security, risk, and privacy professionals to maintain and mature the governance and oversight program at the Bank.

    + OverseesThird-Party Information Security Assessment (TISA) activities to ensure risk-based evaluations occur of vendors and third-party service providers’ security and privacy programs.

    + Overseesthe administration of the Bank’s corporate insurance program.

    + Demonstrates compliance with all bank regulations for assigned job function and applies to designated job responsibilities – knowledge may be gained through coursework and on-the-job training. Keeps up to date on regulation changes.

    + Follows all Bank policies and procedures, compliance regulations, and completes all required annual or job-specific training.

    + Maintain a working knowledge of Bank's written policies and procedures regarding Bank Secrecy Act, Regulation CC, Regulation E, Bank Security and other regulations as applicable to this job description.

    + May be asked to coach, mentor, or train others and teach coursework as subject matter expert.

    + Actively learns, demonstrates, and fosters the Umpqua corporate culture in all actions and words.

    + Takes personal initiative and is a positive example for others to emulate.

    + Embraces our vision to become “Business Bank of Choice”

    + May perform other duties as assigned.

    About You:

    + Bachelor's Degree in Computer Science, Management Information Systems, Information Assurance, or other relatedfieldof study.Required

    + Master's Degree in Computer Science, Management Information Systems, Information Assurance, or other relatedfieldof study.Preferred

    + 15+ yearsof security or risk leadership experience in a large, complex, highly regulated organization.Preferred

    + 7-10 yearsof experience managing a diverse team of security, risk, and privacy professionals.Preferred

    + Demonstrated ability to define, develop, and maintain a control validation program to evaluate the effectiveness of asset and entity layer controls.

    + Knowledge of third-party risk and experience defining and evaluating key risk elements and supporting risk review requirements.

    + Proficient in evaluating the impacts of technology and process design decisions and providing strategic guidance that informs key stakeholders of risk and provides recommendations that align with the risk tolerances and risk appetite of the Bank.

    + Proven ability to develop and mature reporting capabilities for executives and the Board of Directors as well as providing risk-based information to inform operational decisions.

    + Advanced knowledge of Information Security, Risk, and Privacy domains and the ability to provide guidance and oversight at the program and technical levels and evaluate current state to the overall organizations risk appetite.

    + Excellent written and verbal communication skills, interpersonal and collaboration skills, and the ability to communicate security and risk related concepts across a wide audience

    + Strong business acumen and knowledge of the best practices within Information Security, Privacy, and Risk subject areas.

    + CISSP, CISA.Required

    + GSEC, GSNA, CIA.Preferred

    **Job Location(s):** Ability to work fully onsite at posted location(s).

     

    Tacoma, WA, Spokane, WA, or Lake Oswego, OR

    Our** **Benefits:

    We offer a competitive total rewards package including basewagesand comprehensive benefits. Thepayrange for this role is$151,000.00 - $220,000.0,and the pay rate for theselected candidate isdependent upon a variety of non-discriminatory factors including, but not limited to, job-related knowledge, skills, and experience, education, and geographic location. The rolemay beeligible for performance-based incentive compensation and those details will be provided during the recruitment process.

     

    We offer eligible associates comprehensive healthcare coverage (medical, dental, and vision plans), a 401(k)-retirement savings plan with employer match for qualifying associate contributions, an employee assistance program, life insurance, disability insurance, tuition assistance, mental health resources, identity theft protection, legal support, auto and home insurance, pet insurance, access to an online discount marketplace, and paid vacation, sick days, volunteer days, and holidays. Benefit eligibility begins the first day of the month following the date of hire for associates who are regularly scheduled to work at least thirty hours weekly.

    Our Commitment to** **Diversity** **:

    Umpqua Bank isan equal opportunityand affirmative actionemployercommitted to employing, engaging, and developinga diverse workforce.Allqualifiedapplicants will receive considerationfor employmentwithout regard to race, color,national origin,religion, sex, age, sexual orientation, gender identity, gender expression, protected veteran status, disability, or any other applicable protected status or characteristics.Ifyou require an accommodation to complete the application or interview(s),please let us know by email: [email protected] .

    To Staffing and Recruiting Agencies:

    Our posted job opportunities are onlyintendedfor individuals seekingemploymentat Umpqua Bank.Umpqua Bank does not accept unsolicited resumes or applications from agencies and Umpqua Bank will not be responsible for any fees related to unsolicited resume submissions.Staffing and recruiting agencies are not authorized to submit profiles, applications,or resumestothis site or toany Umpqua Bank employeeand any such submissionswill be consideredunsolicitedunlessrequesteddirectlyby a member of the Talent Acquisition team.