"Alerted.org

131 Main St, Hills, IA 52235, USA | Full Time

SCHEDULE: Full-time; Monday through Friday 8:00 am – 5:00 pm. Hours may vary due to job requirements.

BENEFITS: Our employees are our most valuable assets, so we invest in them with a comprehensive and competitive benefits package. Our philosophy of taking care of the customer extends to taking care of our employees so that they, in turn, can take good care of themselves and their families. Join Hills Bank and let us surprise you with even more perks!

SCOPE:

The Senior Vice President, Enterprise Security and Cyber-Resilience is responsible for leading the bank's enterprise-wide security strategy, encompassing both cybersecurity and physical facilities security. This executive role ensures the protection of information assets, customer data, and physical infrastructure while maintaining compliance with regulatory requirements. This position leads the Security Office and staff, drives strategic initiatives, and fosters a culture of security awareness across the organization.

ACCOUNTABILITIES:

+ - Leadership and Team Management

+ Supervise, lead, mentor, and develop the Security Office team of cybersecurity and physical security personnel, ensuring alignment with the bank's strategic objectives and risk posture.

+ Build and lead a high-performing team, fostering a culture of accountability, innovation, and continuous improvement.

+ Promote strong cross-functional collaboration with IT, risk, compliance, legal, facilities, and business units to ensure security is integrated into all aspects of operations and decision-making.

+ Act as a strategic advisor to executive leadership, influencing enterprise-wide initiatives with a security-forward mindset.

+ Facilitate regular communication and coordination across departments to ensure cohesive execution of security programs and shared ownership of risk management.

+ - Security Strategy and Governance, Policies, Standards and Frameworks

+ Lead, define and execute the bank's security: strategy, governance model, and management framework.

+ Establish and maintain security policies, standards, and procedures aligned with industry best practices and regulatory requirements (e.g., NIST, FFIEC, GLBA).

+ Provide strategic security guidance to executive leadership and the board.

+ - Maintains Current Threat Intelligence Knowledge and Partnerships

+ Proactively engage with security intelligence-sharing organizations (e.g., FS-ISAC, InfraGard), and other relevant industry groups, to stay ahead of emerging threats and vulnerabilities.

+ Build and maintain strategic partnerships with law enforcement, regulatory bodies, peer institutions, and cybersecurity vendors to enhance situational awareness and threat response capabilities.

+ Integrate actionable threat intelligence into operational processes, risk assessments, and incident response planning.

+ Ensure the bank's threat intelligence program is dynamic, continuously updated, and aligned with the evolving threat landscape.

+ - Security Operations and Incident Response

+ Oversee daily security operations, including monitoring, detection, and response to cyber and physical threats.

+ Lead as incident commander for security incident response efforts, ensuring timely containment, investigation, and remediation.

+ Conduct post-incident reviews and implement lessons learned.

+ - Security Architecture and Oversight

+ Serve as a key stakeholder in enterprise architecture planning, ensuring security is embedded into the design and implementation of all technology solutions.

+ Champion a "secure by design" philosophy across the organization, integrating security requirements early in the system development lifecycle (SDLC) and technology procurement processes.

+ Collaborate with IT, application development, infrastructure, procurement, risk and legal teams to define and enforce secure architecture standards, patterns, and reference models.

+ Evaluate and approve architectural designs, third-party integrations, and cloud strategies to ensure alignment with the bank's security posture and risk tolerance.

+ Lead security architecture reviews for new initiatives, ensuring scalability, resilience, and compliance with regulatory and internal standards.

+ Drive continuous improvement in security architecture maturity, leveraging threat modeling, risk assessments, and emerging technologies. Implement a zero-trust model as part of this process.

+ - Security Awareness

+ Develop and lead a comprehensive security awareness and training program tailored to the bank's risk profile and threat landscape.

+ Conduct regular testing exercises, including tabletop simulations, red team/blue team engagements, and scenario-based drills to evaluate organizational readiness and response capabilities.

+ Emphasize social engineering awareness, educating staff on tactics such as pretexting, baiting, tailgating, and impersonation, with targeted training for high-risk roles.

+ Partner with HR and department leaders to ensure security education is role-specific and integrated into onboarding and ongoing development.

+ Measure program effectiveness through qualitative feedback, behavioral metrics, and incident trends, continuously refining content and delivery methods.

+ - Security Compliance and Reporting

+ Implement systems to easily report and comply with regulatory and risk management requirements that will efficiently and effectively expedite bank audit and exam reviews.

+ Ensure compliance with applicable laws, regulations, and internal policies.

+ Prepare and deliver regular reports directly to executive leadership, the appropriate committees and the board on security posture, risk metrics, and compliance status.

+ Serve as the primary security liaison for audits, regulatory exams, and third-party assessments.

+ - Technology Stack Oversight

+ Provide strategic oversight and security governance across the bank's technology ecosystem, ensuring alignment with secure-by-design principles and regulatory requirements.

+ Influence and collaborate on the selection, implementation, and lifecycle management of key platforms, including:

+ Core Banking Systems (e.g., Jack Henry, FIS, or equivalent)

+ Cloud Infrastructure (e.g., Microsoft Azure, AWS, or hybrid environments)

+ Endpoint Protection and EDR (e.g., Microsoft Defender, CrowdStrike, SentinelOne)

+ SIEM and Threat Detection (e.g., Splunk, Microsoft Sentinel)

+ Identity and Access Management (e.g., Okta, Entra AD, MFA solutions)

+ Network Security (e.g., Palo Alto, Fortinet, Cisco)

+ Email and Collaboration Security (e.g., Microsoft 365 Defender, Proofpoint)

+ Physical Security Systems (e.g., access control, surveillance, alarm systems)

+ Ensure all technologies are deployed and maintained with appropriate security controls, monitoring, and compliance reporting capabilities.

+ Collaborate with enterprise architecture and IT operations to ensure scalability, resilience, and secure integration of new technologies.

+ - Other duties as assigned

EDUCATION AND SPECIAL REQUIREMENTS:

+ - Education and Experience

+ Bachelor's degree in Information Security, Computer Science, or related field; in lieu of degree, appropriate certifications and experience may be considered.

+ Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.

+ Professional certifications such as CISSP, CISM, CISA or other security related certifications highly preferred.

+ Top current security clearance(s) beneficial.

+ Experience in financial services or banking industry preferred.

+ Experience in physical security management.

+ Strong understanding of security and risk management regulatory environments and frameworks.

+ Proven track record of leading cross-functional teams and enterprise-wide initiatives.

+ - Technical and Strategic Skills

+ Deep understanding of IT governance, product lifecycle management, and enterprise architecture.

+ Expertise and knowledge of incident response processes.

+ Background of relationships with other security experts, organizations and/or law enforcement agencies to maintain

+ Familiarity with regulatory requirements and risk management.

+ Understanding of IT security frameworks and standards (e.g. NIST, ISO 27001, FFIEC, SOC2, etc.).

+ Proficiency in strategic planning, systems architecture (including modern cloud platforms), performance measurement, and change leadership.

+ - Leadership and Communication

+ Exceptional leadership, interpersonal, and team-building skills.

+ Ability to communicate complex technical concepts to non-technical stakeholders.

+ Strong negotiation, conflict resolution, and decision-making capabilities.

+ High emotional intelligence and ability to influence at all levels of the organization.

EQUAL OPPORTUNITY EMPLOYER