VP, Information Security

Poppy Bank

5 hours ago

No application

About

  • Description
  • The Vice President, Information Security is a senior-level role responsible for shaping and maintaining the Bank’s cybersecurity posture. This position serves as a trusted advisor to the SVP, Information Security Officer and collaborates across business units, IT, Compliance, and Audit to ensure confidentiality, integrity, and availability of bank systems and data. With minimal supervision, the VP will lead strategic initiatives, oversee critical security platforms, and drive risk reduction efforts.
  • The VP, Information Security is part of Poppy Bank’s Information Security Team, which proactively maintains our cybersecurity posture. This position will collaborate with business units and work closely with the Information Technology team, various departments, and a variety of vendors that supply the Bank’s layered information security architecture. The incumbent is responsible for daily, weekly, monthly, and quarterly monitoring of information security events and the platforms that generate those events. Platforms include anti-phishing, vulnerability management, patch management, endpoint protection, and data protection, among others. The incumbent will work closely with a Managed Security Provider, as some of the security platforms are outsourced to an MSP. The VP assists the ISO in responding to and mitigating threats across the organization.
  • The incumbent will work closely with the Information Security Officer in evaluating emerging threats to the environment, adjusting the security posture accordingly. Researches, evaluates, and implements new cybersecurity platforms while optimizing existing solutions to enhance security effectiveness. The Information Security Team frequently collaborates across the organization in securely deploying new technologies and processes that support the business while protecting the Bank and its customers. The incumbent will serve as a liaison with the Bank’s Compliance and Audit teams, ensuring close tracking of various audit and exam findings. Where division of duties permits, the incumbent will assist the Information Technology Team in various projects and tasks.
  • Ensures compliance with all Bank policies and procedures, as well as all applicable state and federal banking regulations.

Essential Duties and Responsibilities include the following

  • Partner with SVP ISO to define and execute the bank’s information security roadmap; evaluate emerging threats; serve as SME during audits and board reporting
  • Develop and enforce security policies aligned with GLBA, FFIEC, NIST CSF; liaise with Compliance and Audit
  • Oversee monitoring of security controls (email security, remote access, vulnerability management, endpoint protection, DLP); lead incident response; manage MSSP relationships
  • Research and implement advanced security technologies (SIEM, CASB, EDR); drive vulnerability management; report metrics to leadership
  • Mentor junior staff; assist in building a scalable security team
  • Demonstrates a thorough understanding of junior-level responsibilities and provides hands-on support when needed to ensure continuity and team success
  • Implements policies or procedures and tracks compliance throughout the organization with SVP review. Help coordinate audits and exams and track remediation efforts to conclusion
  • Diagnose and research causes of security issues (e.g., misconfigured DNS records, exposed insecure protocols, use of known-vulnerable software, weak ciphers)
  • Collaborate with IT to ensure new product deployments comply with security policies and standards
  • Monitor and report on emerging cybersecurity threats and trends and provide recommendations to internal teams on how to mitigate risks
  • Respond to security incidents and/or policy violations
  • Track and report security metrics and efforts to the Information Security Officer and update the department at weekly Team meetings
  • Identify risks and make recommendations to SVP for proactive preventative measures
  • Perform scheduled software/hardware system checks & upgrades (may involve occasional after-hours work)
  • Support Information Security Analyst with researching, installing, configuring, maintaining, and monitoring cyber security platforms as needed
  • Maintains strong knowledge of the threat landscape and mitigation strategies
  • Document internal processes and procedures related to duties and responsibilities
  • Minimum of 10 hours CRA volunteer hours per year. Volunteer hours are typically scheduled within business hours. This is compensable time and mileage is reimbursed
  • Other duties as assigned
  • Supervisory Responsibilities: Currently, this position has no direct reports, but may in the future as the security program matures.

Qualifications

  • Minimum 7+ years of progressive experience in information security, with at least 3 years in a leadership or senior advisory role
  • Certifications: CISSP, CISM, CRISC strongly preferred
  • Experience in regulated financial services environment desired
  • Strong understanding of cloud security (AWS, Azure), network architecture, and endpoint protection
  • Deep knowledge of security frameworks (NIST CSF, NIST 800-53, CIS Controls, MITRE ATT&CK)
  • A BA/BS degree in Computer Science or related discipline; or an equivalent combination of experience and education.
  • Proficient understanding of IT concepts and principles, including strong knowledge of networking, server management, firewall, SD-WAN, and virtualization technologies
  • Understanding of the following technologies: PCs, laptops, printers, mobile devices such as Apple iPad, and other peripherals, networking, Active Directory, Exchange, Windows, Microsoft Office, anti-virus / anti-malware software
  • Working knowledge of Windows 10, Server 2016, Server 2019, Office 2019, M365
  • Ability to prioritize and manage multiple tasks to meet deadlines
  • Ability to interact with a wide range of internal staff members and external professionals, including consultants, vendors, auditors, technical staff, and others
  • Intermediate level experience with creating technical documentation
  • Experience of working in a fast-paced, team-oriented environment, with the ability to positively contribute to cross-functional teams
  • Intermediate level knowledge of networking/security solutions including firewalls, IPS, SIEM, LAN/WAN, wireless, VPN, VLANs preferred
  • The ability to learn quickly and adapt to changing requirements

Physical/Mental Demands & Work Environment

  • The incumbent in the course of performing this position frequently spends time writing, typing, speaking, listening, operating basic business equipment, seeing (such as close, color and peripheral vision, depth perception and adjusted focus), sitting, walking, standing, reading documents or instruments, detailed work, problem solving, client contact, reasoning, math, language, presentations, verbal and written communication, analytical reasoning, stress, multiple concurrent tasks, and frequent interruptions. The incumbent for this position will occasionally lift up to 15 pounds, pull, squat, kneel and reach. The incumbent is in a non-confined office-type setting in which they are free to move about at will. The work environment is typically quiet to a moderate noise level.
  • Travel: There will be occasional local, out-of-area, and overnight travel.
  • Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Management reserves the right to change this position description at any time.
  • Requirements
  • See qualifications above.
  • Poppy Bank provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
  • This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
  • For San Francisco Postings, review Fair Chance Ordinance.
  • CA Privacy Notice to Applicants/Employees