Chief Information Security Officer

JOB SUMMARY

Chief Information Security Officer is responsible for the planning and development of the Bank’s information security program which includes establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. Addresses ongoing threats associated with cybercrime and online banking fraud ensuring the network and systems are secure from internal and external threats. Provides timely information to Royal Business Bank customers, employees, and Board of Directors. Responds to incidents, establishes appropriate standards and controls, manages security technologies, and directs the establishment and implementation of policies and procedures. Ensures compliance with all existing laws and regulations as they relate to functions within the supervision, including the Bank Secrecy Act.

DUTIES

• Develop and implement security policies and procedures including user log-on and authentication rules, security breach escalation procedures, security auditing procedures, and firewall, IDS, file transfer, and encryption policies.
• Identify security risks in network infrastructure, systems, and facilities and develop course of action to remediate security risks.
• Lead initiatives to enhance the bank’s cybersecurity posture, including threat intelligence, advanced analytics, and automated response mechanisms.
• Ensure tools and technologies are in place and being used effectively to reduce the risk of attacks against the network and systems, i.e., champion the threat intelligence program.
• Maintain knowledge of changing technologies and provide recommendations on emerging technologies such as artificial intelligence, block chain, tokenization, etc., and related security best practices.
• Enforce security policies and procedures by administering and monitoring security profiles, reviewing security violation reports, investigating security exceptions, updating and maintaining security control documentation.
• Foster a culture of innovation within the security team and encourage the exploration and adoption of new tools and methodologies.
• Maintain reliable, up-to-date, information from government agencies and security experts, e.g., FS-ISAC, US-CERT, and professional publications regarding the identification of emerging security threats and vulnerabilities.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
• Identify potential areas where existing security policies and procedures require change, or where new policies need to be developed.
• Ensure measures and systems are in place to prevent data loss; implement necessary security measures and systems to protect against data loss, e.g., firewalls, intrusion detection systems, antivirus software, threat intelligence systems, and data loss protection systems.
• Understand and interact with related disciplines through different committees to ensure the consistent application of information security policies and standards across all technology projects, systems, and services.
• Review user access certifications to verify application entitlements are appropriate for each user’s role and responsibilities.
• Maintain and enhance a strategic, comprehensive enterprise information security policy and IT risk management program.
• Provide management and Board of Directors information on IT risk assessments, security policies, security reports, security briefings, etc. related to Bank security.
• Evaluate and recommend security products, services, and procedures to enhance the overall information security program.
• Maintain all Bank policies and procedures associated with the information security program.
• Perform due diligence on third-party service providers and mission-critical systems to verify the adequacy and effectiveness of information security controls and incident response/disaster recovery plans.
• Review IT vendor SOC, SSAE, and ISO reports on an annual basis to ensure adequate security measures are in place to safeguard customer data.
• Act as a liaison with the Bank's managed security service provider:
• Receive security alerts and coordinate appropriate responses.
• Research security alerts including identifying source IP address, destination IP address, level of risk, devices affected, etc.
• Respond to security alerts with appropriate communications and measures
• Request security updates to firewall and IDS
• Maintain information on upcoming changes and enhancements to the managed security services.
• Act as a member of the Information Technology Committee and the Business Continuity and Incident Response teams.
• Provide guidance on audits, assessments, table-top exercises, and penetration test responses to ensure compliance and identify areas for improvement.
• Develop and provide training information to business stakeholders to increase awareness of cybersecurity risk.
• Report any suspicious security-related activity to a supervisor or the Bank Security Act officer.
• Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture.
• Build and maintain relationships with external security partners, vendors, and consultants to enhance the bank's security capabilities.
• Performs other duties as assigned.

QUALIFICATIONS

EDUCATION: Bachelor‘s Degree in Information Security, Computer Science, Information Technology, or other related field. Or equivalent work experience.

EXPERIENCE: Minimum of 10 years of combined information security, risk management, and IT work experience with a broad range of exposure to systems analysis, application development, infrastructure/network and multi-platform environments; five or more years of experience with information security preferably with a financial institution. Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other similar credentials, is required. Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST. Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet enterprise objectives.

SKILLS/ABILITIES

• Team player.
• Detail oriented
• Ability to multi-task
• Proficient in mathematics, accounting or finance.
• Intermediate Excel skills;
• Experience with ProfitStar, ITI/Fiserv, and Prologue a plus.
• Strong verbal and written communication skills.
• Bilingual (English/Mandarin) is a plus.

WHY WORK FOR US?

Since opening our first branch in Los Angeles in 2008, Royal Business Bank (RBB) has grown rapidly by adding branches in Southern California, Nevada, New York, New Jersey, Chicago and Hawaii. We offer a comprehensive and innovative suite of banking services for individuals and businesses. We have great benefits that include, but not limited to:

• Excellent management and communication skills
• Both written and verbal
• Ability to travel
• Ability to work effectively with all levels of management
• End-users and vendors.

Royal Business Bank may collect personal information from potential job candidates and applicants. For more information on how we handle personal information and your applicable rights, please review our Privacy Policies (GLBA Privacy Notice, California Consumer Privacy Act and Online Privacy) at our website www.royalbusinessbankusa.com. Royal Business Bank is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.