
Director, Integrated Security

Cornerstone Capital Bank
United States, Texas, Houston
Jun 29, 2026
Description

Cornerstone Capital Bancorp, Inc., headquartered in Houston, is a Texas-based financial services company dedicated to helping families, businesses, and communities thrive. Through its primary subsidiary, Cornerstone Capital Bank, the organization operates a community and business banking franchise alongside a premier national home lending, servicing, and home insurance platform.

Guided by a core Mission, Vision and Convictions statement, Cornerstone operates 17 full-service banking locations across major Texas markets and more than 150 mortgage offices nationwide. The company has served nearly 700,000 customers through its family of brands, including Cornerstone Home Lending, Roscoe Bank, Peoples Bank, Cornerstone Servicing, and Cornerstone Insurance. Supported by 1,600 team members, Cornerstone is consistently recognized as a Fortune-certified Great Place to Work and a Top Workplace.

Formed through the combination of Cornerstone Home Lending and The Roscoe State Bank, Cornerstone brings more than a century of experience and is the highest-capitalized new bank in Texas history.

We honor God by using our talents to make a positive difference in the lives of our Team Members, Clients, Shareholders, Communities, and the People who provide services to us.

Who we are looking for:

The Director, Integrated Security, is responsible for developing, implementing, and maintaining a comprehensive information security program to protect the bank's data and systems, ensuring compliance with regulations and industry standards. Areas of oversight include Enterprise Security Governance, the Bank's policies and programs for Information Security, IT Risk Management, and Corporate Security.

What you'll do:

Security Risk Framework and Policy:

  • Establish and maintain the enterprise security risk management framework, including risk appetite statements, policies, minimum control standards, and risk taxonomies that the first line is required to implement.
  • Review and challenge first-line policies, standards, and procedures to confirm alignment with regulatory expectations, the Bank's risk appetite, and industry frameworks (e.g., NIST CSF, FFIEC CAT, ISO 27001).


Independent Risk Assessment and Challenge:

  • Perform independent assessments of the first line's identification, measurement, and management of security risks, including review of risk and control self-assessments (RCSAs), issue management, and key risk indicators.
  • Provide credible challenge to first-line risk treatment decisions, exception requests, and risk acceptances; escalate unresolved concerns through governance committees to executive management and the Board.


Regulatory and Compliance Oversight:

  • Monitor and independently assess first-line compliance with applicable laws, regulations, and supervisory expectations (e.g., GLBA, FFIEC IT Handbook, NYDFS Part 500, SEC cybersecurity disclosure rules, state privacy laws); track remediation of regulatory findings and matters requiring attention (MRAs).
  • Partner with the Chief Privacy Officer to provide oversight and challenge of the first line's implementation of GLBA's privacy provisions and other consumer data protection requirements.


Incident Oversight:

  • Establish minimum standards for the first line's incident response, business resilience, and cyber recovery programs; review and challenge the design, testing, and continuous improvement of those programs.
  • Serve in an advisory and oversight capacity during material security incidents; perform independent post-incident reviews of first-line response effectiveness and root-cause remediation, and report findings to executive management and the Board.


Security Culture and Awareness Oversight:

  • Establish enterprise expectations for the first line's security awareness and role-based training programs, and independently assess their effectiveness through metrics, phishing test results, and behavioral indicators.
  • Monitor and report on the enterprise security risk culture; identify gaps and recommend improvements to executive management and the Board.


Technology and Control Oversight:

  • Set control objectives and minimum technical standards for security architecture and tooling; review and challenge first-line technology selection, design, and deployment decisions for alignment with risk appetite.
  • Independently test and validate the design and operating effectiveness of key security controls operated by the first line; document findings and track remediation through closure.


Three Lines of Defense Coordination:

  • Coordinate with first-line technology and business owners, Enterprise Risk Management, Compliance, Legal, and Internal Audit (3LOD) to ensure clear roles, avoid duplication, and maintain the independence of the second-line challenge function.
  • Engage with business and technology leaders to understand strategic initiatives, provide advisory input on emerging security risks, and assess whether first-line risk management is commensurate with the risks taken.


Independent Reporting and Governance:

  • Produce independent reporting on the Bank's security risk posture, control effectiveness, key risk indicators, and emerging threats for executive management, the Risk Committee, and the Board, with an unfiltered reporting line that does not require first-line approval.
  • Review first-line security metrics, key risk indicators (KRIs), and breach/event trends to form an independent view of risk position relative to appetite.


Business Continuity Ownership:

  • Develop and maintain business continuity and resiliency plans.
  • Conduct business impact analyses and continuity risk assessments.
  • Coordinate continuity testing, exercises, and corrective actions.
  • Maintain business continuity governance, reporting, and documentation.
  • Lead crisis response and recovery coordination during disruptions.
  • Partner with business units and vendors to strengthen operational resilience.
  • Monitor compliance with continuity policies and regulatory expectations.
  • Deliver business continuity training and awareness programs.
  • Report continuity risks and program performance to management.
  • Align business continuity, disaster recovery, and incident management activities.


What you'll need to be successful:

Success in this job relies on your time management skills, organization, and positive attitude. In addition, you'll need the following qualifications:

    • Minimum of 10 years of experience in information security, technology risk, or operational risk management within the Financial Services sector, with at least 5 years in a second line of defense, risk oversight, or audit capacity
    • Minimum of 5 years Mid to Large Bank experience, including direct interaction with regulators (OCC, FRB, FDIC, NYDFS, or state banking departments) and the Board or its Risk Committee
    • Bachelor's Degree preferred
    • Expert knowledge of three-lines-of-defense risk governance, enterprise risk management frameworks, regulatory expectations (FFIEC IT Handbook, NIST CSF, NYDFS Part 500, GLBA, SR Letters), and the principles of independent challenge and effective challenge.
    • Strong analytical reasoning, problem solving and critical thinking skills
    • Strong computer and organizational skills
    • Strong oral and written presentation skills
    • Ability to work independently with a multi-level team
    • Ability to multi-task and meet deadlines
    • Strong proficiency with Microsoft Office (Word, Excel, Outlook, etc.)

    • Preferred Certifications:

      • Current Certified Information Systems Security Professional (CISSP)
      • Current Certified in Risk and Information Systems Control (CRISC)
      • Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or equivalent risk/audit certification

What we offer:

Because we recognize and reward hard work, we offer a competitive salary, a full benefits package, and the potential for a performance-based bonus.

What to do next: If Cornerstone sounds like the place for you (and if you have the qualifications, drive, and passion to match), we invite you to become a member of our winning team! And remember, once you're part of our Cornerstone family, we'll continue to invest in you as a valuable asset in our company. As many of our team members can tell you, there's something special about working at Cornerstone.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.