SVP, Chief Information Security Officer

GENERAL SUMMARY

The Chief Information Security Officer ("CISO") is an experienced, engaging, and visionary leader responsible for the Bank's security program including but not limited to daily operations of the IT security program, oversight of the annual and ongoing risk assessment process, development, implementation, and maintenance of policies and procedures, ensuring the confidentiality, integrity, and access of electronic protected information and of monitoring program compliance as well as investigation and tracking of incidents and breaches and in compliance with federal and state laws.

DIRECT REPORTS

The incumbent has direct reports.

ESSENTIAL FUNCTIONS

1. Builds a strategic and comprehensive information security program that defines, develops, maintains and implements policies and processes that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality and availability of information this is owned, controlled, and processed within the Bank. Ensures information security policies, standards, and procedures are up-to-date and consistent with perceived threats to data in all forms.
2. Facilitates risk assessments related to information security and risk management with business units.
3. Initiates, facilitates, and promotes activities to foster information security awareness within the Bank.
4. Creates a culture of cyber security both with IT and driving behavioral changes for the business.
5. Evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary.
6. Manages security incidents and events involving electronic protected information.
7. Ensures that the disaster recovery, business continuity, risk management and access controls needs of the Bank are addressed.
8. Ensures the Bank complies with the administrative, technical, and physical safeguards.
9. Collaborates with Senior Management to establish governance for the security program.
10. Serves in a leadership role for security compliance.
11. Works closely with Compliance to ensure alignment between security and privacy compliance programs including policies, practices, and investigations, and acts as a liaison to the information systems and compliance departments.
12. Is responsible for initial and periodic information security risk assessment/analysis, mitigation and remediation. Is also responsible for development and implementation of security risk management plan.
13. Ensures the Bank has audit controls to monitor activity on electronic systems that contain protected information.
14. Oversees periodic monitoring and reviewing of audit records to ensure that activity is appropriate. Such activity would include, but is not limited to, logons and logoffs, file accesses, updates, edits, and printing.
15. Ensures the Bank has and maintains appropriate system use and disclosure/confidentiality statement.
16. Oversees, develops and/or delivers initial and ongoing security training to the workforce. Initiates, facilitates, and promotes activities to foster information security awareness within the Bank and related entities.
17. Establishes and administers a process for investigating and acting on security incidents which may result in a privacy breach breaches.
18. Maintains current knowledge of applicable federal and state security laws, licensing, and certification requirements and accreditation standards.
19. Serves as information security consultant to all departments for all data security related issues.
20. Assists with overall technology planning.

QUALIFICATIONS

Education:

• Bachelor's degree in Information Systems, Computer Science, or a related discipline preferred.
• Certified Chief Information Security Officer (CCISO) and Certified Information Systems Security Professional (CISSP) required.
• Information Systems Security Engineering Professional (ISSEP), Certified in Risk and Information Systems Control (CRISC), and/or Certified Information Security Auditor (CISA) a plus.

Experience:

• 10 to 15 years of information system experience preferably in a U.S. bank of $15 billion or greater in asset size with network experience.
• Knowledge and experience in state and federal information security laws.

Skills/Ability:

• Demonstrated organization, facilitation, written and oral communication, and presentation skills.
• Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals.
• Demonstrated skills in verbal communication and listening, writing, and providing excellent service to clients.
• A high level of integrity and trust.
• Proven ability to initiate and manage projects that will affect other departments and functions, as well as the corporate environment.

OTHER DETAILS

$250,000.00 - $300,000.00 / year
Pay determined based on job-related knowledge, skills, experience, and location.
This position may be eligible for a discretionary bonus.

Cathay Bank offers its full-time employees a competitive benefits package which is a significant part of their total compensation. It is our goal to provide employees with a comprehensive benefits package to fit their needs which includes, coverage for medical insurance, dental insurance, vision insurance, life insurance, long-term disability insurance, and flexible spending accounts (FSAs), health saving account (HSA) with company contributions, voluntary coverages, and 401(k).

Cathay Bank may collect personal information from potential job candidates and applicants. For more information on how we handle personal information and your applicable rights, please review our Privacy Policy.

Cathay Bank is an Equal Opportunity and Affirmative Action Employer. We welcome applications for employment from all qualified candidates, regardless of race, color, ethnicity, ancestry, citizenship, gender, national origin, religion, age, sex (including pregnancy and related medical conditions, childbirth and breastfeeding), reproductive health decision-making, sexual orientation, gender identity and expression, genetic information or characteristics, disability or medical condition, military status or status as a protected veteran, or any other status protected by applicable law.

Click here to view the "Know Your Rights: Workplace Discrimination is Illegal" Poster:
Poster- English

Poster- Spanish

Poster- Chinese Traditional Poster- Chinese Simplified

Cathay Bank endeavors to make www.CathayBank.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact, Mickey Hsu, FVP, Employee Relations Manager, at (626) 582-7370 or mickey.hsu@cathaybank.com. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.