• SVP, Chief Information Security Officer

    Banc of California (Santa Ana, CA)


    Description

    BANC OF CALIFORNIA AND YOUR CAREER

    Banc of California, Inc. (NYSE: BANC) is a bank holding company headquartered in Los Angeles with one wholly-owned banking subsidiary, Banc of California (the “bank”). Banc of California is one of the nation’s premier relationship-based business banks focused on providing banking and treasury management services to small, middle-market, and venture-backed businesses. Banc of California offers a broad range of loan and deposit products and services, with full-service branches throughout California and Denver, Colorado, as well as full-stack payment processing solutions through its subsidiary, Deepstack Technologies. The bank is committed to its local communities by supporting organizations that provide financial literacy and job training, small business support, affordable housing, and more.

     

    At Banc of California, our success is driven by our people, and we take pride in fostering an environment where everyone can reach their full potential. We embrace a culture of empowerment, progressive thinking, and entrepreneurial spirit, ensuring our team members have an opportunity to make an impact and play an important role in the future of Banc of California. Our core values – Entrepreneurialism, Operational Excellence, and Superior Analytics – empower us in creating a dynamic and inclusive workplace. We are committed to supporting your growth and well-being with comprehensive benefits, career development programs, a variety of employee resource groups, and more. TOGETHER WE WIN®

    THE OPPORTUNITY

    Responsible for the information security program at Banc of California Inc. The CISO position is a second “line of defense” role and reports directly to the Chief Risk Officer (“CRO”) of the Company to ensure proper independence. The successful CISO will interact frequently with the CRO, CEO, Chief Information Officer, Business and Operational support units, Senior Executives and Board in fulfilling his/her responsibilities. The CISO is responsible for working with the senior executive team and Board in articulating the risk appetite of the Company for information security. The CISO will translate that risk appetite into a robust information security program by: developing KRIs/KPIs that establish appropriate risk thresholds and performance targets for the various aspects of the program, demonstrating experience and competency in all aspects of information security, and providing leadership and strong and effective communications throughout the Company. A successful Information Security Program will include the following elements: strong governance (policies, procedures, guidelines), quantitative and qualitative metrics to measure and monitor all aspects of our information security capabilities, a strategic roadmap which articulates key initiatives and spend to support the program, company-wide training and awareness of threat vectors and precautions that all employees should adhere to, remaining current with regard to industry best practices and regulatory requirements and expectations. Performs all duties in accordance with the Company’s policies and procedures, all U.S. state and federal laws and regulations, wherein the Company operates.

    HOW YOU’LL MAKE A DIFFERENCE

    + Develop an enterprise information security framework and program consistent with regulatory and industry best practices (i.e., FFIEC, NIST, etc.) Ensure data integrity, confidentiality and availability of information as well as creating controls on how data is processed by the organization.

    + Develop methodologies to perform risk assessment, business impact analysis, and security assurance to improve systems and operational security. Conduct threat assessments and IT security reviews to assess business and technology risks within the current operating model. Champion enhancements where appropriate.

    + Align the information security program, strategies, services, and investment recommendations with the risk appetite and strategic business plan of the Company.

    + Review and approve third party and vendor outsourced functions, services and tools to ensure that they meet the Company's internal standards for information security and privacy.

    + Work closely with fellow Enterprise Risk Management and IT personnel to ensure that the Company has a strong Business Continuity and Disaster Recovery program with regard to all aspects of our data, systems, storage, and connectivity.

    + Performs personnel actions including performance appraisals, disciplinary actions, and interviewing candidates for employment; supervises the daily activities of the team including, but not limited to, effective delegation of assignments, developing work schedules and providing necessary training.

    + Develops, establishes, plans, coordinates, prioritizes, assigns, reviews and oversees the overall goals, objectives and policies and procedures for the information security and privacy program; implements approved policies and procedures, ensures compliance with established policies and procedures and makes recommendations for changes and improvements.

    + Partner and influence across the organization. Demonstrate strong leadership and management skills and the ability to secure results through others.

    + Develops and delivers information security, privacy and data loss prevention programs to include information in electronic, print and other formats.

    + Assist in the identification, implementation and maintenance of the information privacy practices, standards and procedures.

    + Ensures information security efforts system-wide are properly coordinated and in compliance with reducing the overall security risk.

    + Perform ongoing privacy compliance monitoring activities and acts as a subject matter in the area of privacy and GLBA.

    + Ensures that information created, acquired or maintained is used in accordance with its intended purpose to protect its infrastructure from external or internal threats and to ensure the organization complies with statutory and regulatory requirements regarding information access, security and privacy. In addition to; participate in the development, implementation and ongoing compliance monitoring of all business agreements involving NPI to ensure that privacy requirements and responsibilities are addressed.

    + Ensures data custodians and governance in the development of Information Security policies and procedures and will oversee the dissemination of standards and procedures.

    + Conducts access and entitlement reviews on applications with access to NPI as required by regulations.

    + Implements an ongoing risk assessment program targeting information security and privacy matters; recommends methods for vulnerability detection and remediation and performs and/or oversees vulnerability testing.

    + Keeps abreast of the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the organization. Conducts continual research to maintain knowledge of technology, customer needs and overall requirements; stays current with advancements in technology relative to data administration, security, related services, and FFIEC Guidelines; makes recommendations to evolve information security practices and procedures to accommodate such changes.

    + Establish a privacy assessment program to ensure enterprise wide compliance with internal policies, rules and regulations. Coordinate and conduct privacy assessments designed to measure the performance and quality of the organization privacy program.

    + Provide information in response to internal and external inquiries regarding the state of privacy compliance and trending reports.

    + Maintains advanced knowledge and awareness of financial industry technical status and trends.

    + Monitors staff in daily tasks, operations and quality control; ensures the organization of assigned areas of the department, coordinating available resources (e.g., staff, materials, etc.) for maximum results. Oversee and ensure delivery of privacy training to all appropriate employees and business associates.

    + Consistently applies superior decision making techniques pertaining to inquiries, approvals and requests as they apply to existing policies and procedures, keeping within assigned approval limits and using these instances as learning tools for employee development.

    + Treat people with respect; keep commitments; inspire the trust of others; work ethically and with integrity; uphold organizational values; accept responsibility for own actions.

    + Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; educates others on the value of diversity; promotes working environment free of harassment of any type; builds a diverse workforce and supports affirmative action.

    + Follows policies and procedures; completes tasks correctly and on time; supports the company’s goals and values.

    + Performs the position safely, without endangering the health or safety to themselves or others and will be expected to report potentially unsafe conditions. The employee shall comply with occupational safety and health standards and all rules, regulations and orders issued pursuant to the OSHA Act of 1970, which are applicable to one’s own actions and conduct.

    + Performs other duties and projects as assigned.

     

    WHAT YOU’LL BRING

    ESSENTIAL KNOWLEDGE, SKILLS, AND ABILITIES:

    + Demonstrates knowledge of, adherence to, monitoring and responsibility for compliance with state and federal regulations and laws as they pertain to this position including but not limited to the following: Regulation Z (Truth in Lending Act), Regulation B (Equal Credit Opportunity Act), Fair Housing Act (FHA), Home Mortgage Disclosure Act (HMDA), Real Estate Settlement Procedures Act (RESPA), Fair Credit Reporting Act (FCRA), Bank Secrecy Act (BSA) in conjunction with the USA PATRIOT Act, Anti-Money Laundering (AML) and Customer Information Program (CIP), Right to Financial Privacy Act (RFPA, state and federal) and Community Reinvestment Act (CRA).

    + Experience in information privacy laws and regulations such as GLBA.

    + Knowledgeable in all branch functions associated with origination, processing and closing.

    + Intermediate skills in computer terminal and personal computer operation; Microsoft Office applications including but not limited to: Word, Excel, PowerPoint and Outlook.

    + Intermediate math skills; calculate interest and percentages; balance accounts; add, subtract, multiply and divide in all units of measure, using whole numbers, common fractions and decimals; locate routine mathematical errors; compute rate, ratio and percent, including the drafting and interpretation of bar graphs.

    + Effective organizational and time management skills.

    + Exceptional oral, written and interpersonal communication skills.

    + Ability to make decisions that have moderate impact on the immediate work unit and cross functional departments.

    + Ability to organize and prioritize work schedules on a short-term and long-term basis.

    + Ability to provide consultation and expert advice to management.

    + Ability to make informal and formal presentations, inside and outside the organization; speaking before assigned team or other groups as needed.

    + Ability to deal with complex difficult problems involving multiple facets and variables in non- standardized situations.

    + Ability to work with little to no supervision while performing duties.

    EDUCATION, EXPERIENCE AND/OR LICENSES:

    + Bachelor's degree from an accredited university; or 10+ years of related experience and/or training. Work related experience must consist of information systems management experience in the financial services industry. Educational experience, through in-house training sessions, formal school or financial industry related curriculum, should be business or financial industry related.

    + Certified Information Security Professional (CISSP) and other industry certifications.

    + In depth experience of Information Security practices and implementation in Banking or financially related industry.

    + Experience managing projects or programs to achieve information security objectives.

    HOW WE’LL SUPPORT YOU

    + **Financial Security:** You will be eligible to participate in the company’s 401k plan which includes a company match and immediate vesting.

    + **Health & Well-Being:** We offer comprehensive insurance options including medical, dental, vision, AD&D, supplemental life, long-term disability, pre-tax Health Savings Account with employer contributions, and pre-tax Flexible Spending Account (FSA).

    + **Building & Supporting Your Family:** Banc of California partners with providers that offeradoption, surrogacy, and fertility assistance as well as paid parental leave and family support solutions including care options for your family.

    + **Paid Time Away:** Eligible team members receive paid vacation days, holidays, and volunteer time off.

    + **Career Growth Opportunities:** To support career growth of our team members, we offer tuition reimbursement, an annual mentorship program, leadership development resources, access to LinkedIn Learning, and more.

    SALARY RANGE

    The base salary ultimately offered is determined through a review of education, industry experience, training, knowledge, skills, abilities of the applicant in alignment with market data and other factors.

     

    Banc of California is an equal opportunity employer committed to creating a diverse workforce. All qualified applicants will receive consideration for employment without regard to age (40 and over), ancestry, color, religious creed (including religious dress and grooming practices), denial of Family and Medical Care Leave, disability (mental and physical) including HIV and AIDS, marital status, medical condition (cancer and genetic characteristics), genetic information, military and veteran status, national origin (including language use restrictions), race, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), gender, gender identity, gender expression, and sexual orientation. If you require reasonable accommodation as part of the application process, please contact Talent Acquisition.

     

    Equal Opportunity Employer

     

    This employer is required to notify all applicants of their rights pursuant to federal employment laws.

     

    For further information, please review the Know Your Rights (https://www.eeoc.gov/poster) notice from the Department of Labor.

    Equal Opportunity Employer

    PacWest Bancorp and its affiliates are fully committed to the principles of equal opportunity and diversity. We take pride in building a workplace culture where all employees feel supported and respected, and have equal access to career and development opportunities without regard to race, religion/creed, color, national origin, age, marital status, ancestry, sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), gender identity/expression, sexual orientation, veteran status, physical or mental disability, medical condition, military status, genetic information, or any other characteristic protected by federal, state or local laws.