Chief Information Security Officer
First Financial Bank

Cincinnati, Ohio

Posted in Banking


This job has expired.

Job Info


We do the right things, right now. We do them in a way that is relevant to our clients. Become a part of our history as it continues to be written!

If you are interested and qualified for this role, we invite you to apply.

The Chief Information Security Officer is a seasoned organizational leader with a strong technical background and experience partnering with, leading and influencing business units at all levels of leadership. The Chief Information Security Officer is responsible for establishing and maintaining an enterprise information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets information security compliance and regulatory requirements and supports the risk posture of the enterprise. This role will bring strategic thought leadership with sound knowledge of business objectives and advanced technical knowledge of information security methodologies and technologies. It is critical for this individual to be able to develop a forward-thinking, industry-leading vision and strategy to ensure First Financial Bank is a strong leader in security. The position will proactively develop strong partnerships with business units to implement practices that meet defined policies and standards for information security. He or she will also oversee a variety of technology-related risk management activities. The Chief Information Security Officer serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of client, business partner, associate and business information in compliance with the organization's information security policies. A key element of the role is working with senior and executive management to determine acceptable levels of risk for the organization. The Chief Information Security Officer will be a seasoned thought leader, a consensus builder, and an integrator of people and processes. He or she must also be able to coordinate disparate priorities, constraints and personalities, while maintaining objectivity and a strong understanding that security is critical in maintaining and achieving business objectives.

Essential Functions/Responsibilities

  • Develop, implement and monitor a strategic, comprehensive enterprise information security and cyber risk management program to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization.
  • Manage the enterprise's information security organization, consisting of architects, direct reports and indirect reports (such as Security Engineering, Identity and Access Management, Security Programs, and Physical Security). This includes hiring, training, staff development, performance management and annual performance reviews.
  • Facilitate information security governance through the implementation and maintenance of an Office of Enterprise Security department charter.
  • Develop, maintain and publish up-to-date information security policies, standards, and procedures. Oversee the approval, training, and dissemination of security policies and practices.
  • Create, communicate and implement a risk-based process for third party security management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
  • Develop and manage the Office of Enterprise Security budgets and monitor them for variances.
  • Provide regular reporting on the current status of the enterprise security program to enterprise risk committees, senior management teams, and the board of directors as part of a strategic enterprise security management program.
  • Provide a cybersecurity report or training to the board of directors at least annually.
  • Create roles and responsibilities with regard to enterprise information security ownership.
  • Provide strategic risk guidance for enterprise projects, including the evaluation and recommendation of technical controls.
  • Liaise with the Information Technology team to ensure alignment between enterprise security and information technology, thus coordinating the strategic planning implicit in these architectures.
  • Sponsor, manage, and coordinate cyber security projects with resources from OES, IT, and business unit teams.
  • Ensure that the enterprise security program is in compliance with relevant laws, regulations and policies to minimize or mitigate risk and audit findings.
  • Liaise among the Office of Enterprise Security and risk, corporate compliance, fraud, financial reporting, internal audit, legal, and HR management teams as required.
  • Manage cyber security incidents and events to protect corporate assets, including intellectual property, regulated data and the company's reputation.
  • Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
  • Coordinate the use of external resources involved in the enterprise security program.
  • Track and measure the efficiency and effectiveness of the enterprise security program.
  • Understand and interact with related disciplines through existing committees to ensure the consistent application of policies and standards across all projects, systems and services, including, but not limited to, privacy, risk management, and compliance.
  • Coordinate audit-related tasks such as ensuring the readiness for audit testing and facilitating the timely resolution of audit findings.
  • Evaluate any related external frameworks or standards (e.g., ITIL, COBIT, National Institute of Standards and Technology [NIST], etc.) or internal standards to determine the relevant cyber security framework requirements and controls.
  • Implement the required security compliance policies and controls to meet the desired level of compliance maturity reflected in a given standard or framework.
  • Develop, implement, and monitor the processes for forensically gathering evidence from any node on the network.
  • Track the management of litigation holds, ensuring the integrity of evidence and delivering any requested information to the appropriate individuals.
  • Work with the legal department on general topics, specific cases and projects as needed.
  • Research, design, and advocate new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors.
  • Utilize threat intelligence providers to gain insight into existing activities of threat actor communities, as well as planned activities and emerging motivations.
  • Develop and maintain the cybersecurity breach incident response program and process, including all required supporting materials. Additionally, develop functional requirements for roles that will be involved in the cyber security breach program, and act as a liaison throughout the entire organization for coordination of cyber security breach program activities.

Minimum Knowledge, Skills, and Abilities Needed to Perform Essential Functions of the Job
  • Master's degree or equivalent executive experience in Information Systems, Information Technology, Business Administration or a related field.
  • Minimum of 10+ years in the field of Information Security, including five to eight years of significant technical leadership.
  • Ability to be an effective leader in a fast-paced environment and an ability to be highly adaptive.
  • Ability to establish, maintain, and monitor a budget for an enterprise security department.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
  • Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), OCC, Federal Reserve, ODFI, and FFIEC.
  • Strong organizational skills and the ability to perform in a command-and-control role under pressure, and the ability to manage multiple priorities with competing demands for resources.
  • Ability to consume and synthesize intelligence about actors, techniques or situations to identify emerging risk scenarios.
  • Experience in planning, organizing, and developing information technology policies, procedures and practices.
  • Experienced in and able to formulate the cost benefit of security initiatives in the context of overall business risk mitigation and the company's operational objectives. Ability to compare, contrast and prioritize among alternative approaches to meet those objectives.
  • Understanding of a wide range of information security compliance and regulatory requirements.
  • Understanding of core information security functions (e.g., strategy, operations, assessments, incident response, investigations, consulting, and compliance).
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Risk and Information Systems Control (CRISC) or other similar credentials, is required.

Preferred Knowledge and Skills

    Level of Complexity and Scope
    • Makes highly complex decisions on direction and strategy for the OES department
    • Makes highly complex decisions on controls used to mitigate cybersecurity and physical security risks
    • Solves highly complex problems involving multiple lines of business to reduce risk to the bank

    Degree of Independence and Decision-Making
    • Provides leadership of the OES department with minimal direction from executive management
    • Leverages the corporate risk appetite and regulatory requirements to make decisions regarding budget, strategy, and roadmap for cybersecurity and physical security
    • Manages a budget for the OES department
    • Communicates security strategy to members of executive management and board of directors

    Required Supervisory Responsibilities
    • Manage a team of direct reports.

    Physical Requirements
    • Occasionally lifts and carries less than 10 lbs.
    • Occasionally stands and walks.
    • Frequently sits.

    Compliance Statement

    The associate is responsible for meeting all compliance requirements imposed on First Financial Bank by State and Federal law and regulation, as well as all related First Financial Bank policies and procedures. This includes all Bank Secrecy Act, Anti-Money Laundering, OFAC and Suspicious Activity reporting requirements, as well as all other lending and deposit compliance requirements.

    Development and Training

    It is our policy to not discriminate against any individual in violation of federal, state, and local laws as it relates to age, race, color, religion, national origin, sex, marital status, pregnancy, gender identity, disability, sexual orientation, genetic information, veteran/military service, or any other characteristic protected by law.

    We are an E-Verify Employer.
