Banc Of California And Your Career
Banc of California, Inc. (NYSE: BANC) is a bank holding company headquartered in Los Angeles with one wholly-owned banking subsidiary, Banc of California. Banc of California is one of the nation's premier relationship-based business banks focused on providing banking and treasury management services to small, middle-market, and venture-backed businesses. Banc of California offers a broad range of loan and deposit products and services, with full-service branches throughout California and Denver, Colorado, as well as full-stack payment processing solutions through its subsidiary, Deepstack Technologies. The bank is committed to its local communities by supporting organizations that provide financial literacy and job training, small business support, affordable housing, and more. At Banc of California, our success is driven by our people, and we take pride in fostering an environment where everyone can reach their full potential. We embrace a culture of empowerment, progressive thinking, and entrepreneurial spirit, ensuring our team members have an opportunity to make an impact and play an important role in the future of Banc of California. Our core values of Entrepreneurialism, Operational Excellence, and Superior Analytics empower us in creating a dynamic and inclusive workplace. We are committed to supporting your growth and well-being with comprehensive benefits, career development programs, a variety of employee resource groups, and more.
The Opportunity
Responsible for the information security program at Banc of California Inc. The CISO position is a second "line of defense" role and reports directly to the Chief Risk Officer ("CRO") of the Company to ensure proper independence. The successful CISO will interact frequently with the CRO, CEO, Chief Information Officer, Business and Operational support units, Senior Executives and Board in fulfilling his/her responsibilities. The CISO is responsible for working with the senior executive team and Board in articulating the risk appetite of the Company for information security. The CISO will translate that risk appetite into a robust information security program by: developing KRIs/KPIs that establish appropriate risk thresholds and performance targets for the various aspects of the program, demonstrating experience and competency in all aspects of information security, and providing leadership and strong and effective communications throughout the Company. A successful Information Security Program will include the following elements: strong governance (policies, procedures, guidelines), quantitative and qualitative metrics to measure and monitor all aspects of our information security capabilities, a strategic roadmap which articulates key initiatives and spend to support the program, company-wide training and awareness of threat vectors and precautions that all employees should adhere to, remaining current with regard to industry best practices and regulatory requirements and expectations. Performs all duties in accordance with the Company's policies and procedures, all U.S. state and federal laws and regulations, wherein the Company operates.
How You'll Make A Difference
Develop an enterprise information security framework and program consistent with regulatory and industry best practices (e.g., FFIEC, NIST, etc.). Ensure data integrity, confidentiality and availability of information as well as creating controls on how data is processed by the organization. Develop methodologies to perform risk assessment, business impact analysis, and security assurance to improve systems and operational security. Conduct threat assessments and IT security reviews to assess business and technology risks within the current operating model. Champion enhancements where appropriate. Align the information security program, strategies, services, and investment recommendations with the risk appetite and strategic business plan of the Company. Review and approve third party and vendor outsourced functions, services and tools to ensure that they meet the Company's internal standards for information security and privacy. Work closely with fellow Enterprise Risk Management and IT personnel to ensure that the Company has a strong Business Continuity and Disaster Recovery program with regard to all aspects of our data, systems, storage, and connectivity. Performs personnel actions including performance appraisals, disciplinary actions, and interviewing candidates for employment; supervises the daily activities of the team including, but not limited to, effective delegation of assignments, developing work schedules and providing necessary training. Develops, establishes, plans, coordinates, prioritizes, assigns, reviews and oversees the overall goals, objectives and policies and procedures for the information security and privacy program; implements approved policies and procedures, ensures compliance with established policies and procedures and makes recommendations for changes and improvements. Partner and influence across the organization. Demonstrate strong leadership and management skills and the ability to secure results through others.
Develops and delivers information security, privacy and data loss prevention programs to include information in electronic, print and other formats. Assists in the identification, implementation and maintenance of the information privacy practices, standards and procedures. Ensures information security efforts system-wide are properly coordinated and in compliance with reducing the overall security risk. Performs ongoing privacy compliance monitoring activities and acts as a subject matter expert in the area of privacy and GLBA. Ensures that information created, acquired or maintained is used in accordance with its intended purpose to protect its infrastructure from external or internal threats and to ensure the organization complies with statutory and regulatory requirements regarding information access, security and privacy. In addition, participates in the development, implementation and ongoing compliance monitoring of all business agreements involving NPI to ensure that privacy requirements and responsibilities are addressed. Ensures data custodians and governance in the development of Information Security policies and procedures and will oversee the dissemination of standards and procedures. Conducts access and entitlement reviews on applications with access to NPI as required by regulations. Implements an ongoing risk assessment program targeting information security and privacy matters; recommends methods for vulnerability detection and remediation and performs and/or oversees vulnerability testing. Keeps abreast of the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the organization.
Conducts continual research to maintain knowledge of technology, customer needs and overall requirements; stays current with advancements in technology relative to data administration, security, related services, and FFIEC Guidelines; makes recommendations to evolve information security practices and procedures to accommodate such changes. Establish a privacy assessment program to ensure enterprise-wide compliance with internal policies, rules and regulations. Coordinate and conduct privacy assessments designed to measure the performance and quality of the organization's privacy program. Provide information in response to internal and external inquiries regarding the state of privacy compliance and trending reports. Maintains advanced knowledge and awareness of financial industry technical status and trends. Monitors staff in daily tasks, operations and quality control; ensures the organization of assigned areas of the department, coordinating available resources (e.g., staff, materials, etc.) for maximum results. Oversee and ensure delivery of privacy training to all appropriate employees and business associates. Consistently applies superior decision-making techniques pertaining to inquiries, approvals and requests as they apply to existing policies and procedures, keeping within assigned approval limits and using these instances as learning tools for employee development. Treat people with respect; keep commitments; inspire the trust of others; work ethically and with integrity; uphold organizational values; accept responsibility for own actions. Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; educates others on the value of diversity; promotes working environment free of harassment of any type; builds a diverse workforce and supports affirmative action. Follows policies and procedures; completes tasks correctly and on time; supports the company's goals and values.
Performs the position safely, without endangering the health or safety of themselves or others, and will be expected to report potentially unsafe conditions. The employee shall comply with occupational safety and health standards and all rules, regulations and orders issued pursuant to the OSHA Act of 1970, which are applicable to one's own actions and conduct. Performs other duties and projects as assigned.
What You'll Bring
Essential Knowledge, Skills, and Abilities: Demonstrates knowledge of, adherence to, monitoring and responsibility for compliance with state and federal regulations and laws as they pertain to this position including but not limited to the following: Regulation Z (Truth in Lending Act), Regulation B (Equal Credit Opportunity Act), Fair Housing Act (FHA), Home Mortgage Disclosure Act (HMDA), Real Estate Settlement Procedures Act (RESPA), Fair Credit Reporting Act (FCRA), Bank Secrecy Act (BSA) in conjunction with the USA PATRIOT Act, Anti-Money Laundering (AML) and Customer Information Program (CIP), Right to Financial Privacy Act (RFPA, state and federal) and Community Reinvestment Act (CRA). Experience in information privacy laws and regulations such as GLBA. Knowledgeable in all branch functions associated with origination, processing and closing. Intermediate skills in computer terminal and personal computer operation; Microsoft Office applications including but not limited to: Word, Excel, PowerPoint and Outlook. Intermediate math skills; calculate interest and percentages; balance accounts; add, subtract, multiply and divide in all units of measure, using whole numbers, common fractions and decimals; locate routine mathematical errors; compute rate, ratio and percent, including the drafting and interpretation of bar graphs. Effective organizational and time management skills. Exceptional oral, written and interpersonal communication skills. Ability to make decisions that have moderate impact on the immediate work unit and cross-functional departments. Ability to organize and prioritize work schedules on a short-term and long-term basis. Ability to provide consultation and expert advice to management. Ability to make informal and formal presentations, inside and outside the organization; speaking before assigned team or other groups as needed.
Ability to deal with complex, difficult problems involving multiple facets and variables in non-standardized situations. Ability to work with little to no supervision while performing duties.
Education, Experience and/or Licenses: Bachelor's degree from an accredited university; or 10+ years of related experience and/or training. Work related experience must consist of information systems management experience in the financial services industry. Educational experience
Chief Information Security Officer • Santa Ana, CA, US