VP, Information Security Risk Officer (ISRO)

Seeking a senior Information Security Risk Officer (ISRO) to lead enterprise cybersecurity, IT governance, risk management, regulatory compliance, vendor management, and digital transformation initiatives within a financial services environment.

Information Security & Technology Leadership

Lead enterprise information security and technology strategy.

Oversee cybersecurity posture, IT governance, and risk management programs.

Align technology initiatives with business objectives.

Lead technology steering committees and strategic planning efforts.

Present technology and risk updates to executive leadership and boards.

Serve as the primary contact for IT audits, regulatory examinations, and compliance reviews.

Ensure compliance with FFIEC, GLBA, NIST, ISO 27001, SOC 2, and related regulatory frameworks.

Monitor evolving cybersecurity and banking regulations.

Manage risk assessments, control testing, and remediation efforts.

Lead incident response, disaster recovery, and business continuity initiatives.

Develop, maintain, and review IT policies, procedures, standards, and governance frameworks.

Translate regulatory requirements into internal controls and policies.

Maintain risk and control documentation, process maps, and governance records.

Lead periodic policy reviews and updates.

Oversee technology vendors and managed service providers.

Conduct vendor due diligence, risk assessments, and contract reviews.

Evaluate security risks associated with new business initiatives.

Ensure effective IT operational controls and documentation.

Mentor and lead technology and security personnel.

Develop organization-wide cybersecurity awareness and training programs.

Foster a culture of accountability, compliance, and continuous improvement.

10+ years of Information Security, Cybersecurity, IT Risk, Compliance, or IT Leadership experience.

Financial Services, Banking, Wealth Management, Trust Company, or related regulated industry experience.

Experience leading IT Risk Management and Information Security programs.

Strong knowledge of FFIEC regulations and examination requirements.

Experience with GLBA, NIST, ISO 27001, SOC 2, and cybersecurity frameworks.

Experience managing regulatory audits and examinations.

Experience developing IT governance policies and procedures.

Experience with business continuity, disaster recovery, and incident response programs.

Strong vendor risk management experience.

Executive-level communication and leadership experience.

CISSP Certification

CISM Certification

CCISO Certification

Bachelor's Degree in Information Systems, Cybersecurity, Computer Science, Business Administration, or related field