Jobs · Management · Texas

Director, Integrated Security

Cornerstone Capital Bank · Houston, TX · 1 mo ago
ManagementFull-time

Job Summary

The Director, Integrated Security is responsible for developing, implementing, and maintaining a comprehensive information security program to protect the bank's data and systems, ensuring compliance with regulations and industry standards.

Responsibilities

  • Establish and maintain the enterprise security risk management framework, including risk appetite statements, policies, minimum control standards, and risk taxonomies that the first line is required to implement.

  • Review and challenge first-line policies, standards, and procedures to confirm alignment with regulatory expectations, the Bank’s risk appetite, and industry frameworks (e.g., NIST CSF, FFIEC CAT, ISO 27001).

  • Perform independent assessments of the first line’s identification, measurement, and management of security risks, including review of risk and control self-assessments (RCSAs), issue management, and key risk indicators.

  • Provide credible challenge to first-line risk treatment decisions, exception requests, and risk acceptances; escalate unresolved concerns through governance committees to executive management and the Board.

  • Monitor and independently assess first-line compliance with applicable laws, regulations, and supervisory expectations (e.g., GLBA, FFIEC IT Handbook, NYDFS Part 500, SEC cybersecurity disclosure rules, state privacy laws); track remediation of regulatory findings and matters requiring attention (MRAs).

  • Partner with the Chief Privacy Officer to provide oversight and challenge of the first line’s implementation of GLBA’s privacy provisions and other consumer data protection requirements.

  • Establish minimum standards for the first line’s incident response, business resilience, and cyber recovery programs; review and challenge the design, testing, and continuous improvement of those programs.

  • Serve in an advisory and oversight capacity during material security incidents; perform independent post-incident reviews of first-line response effectiveness and root-cause remediation, and report findings to executive management and the Board.

  • Establish enterprise expectations for the first line’s security awareness and role-based training programs, and independently assess their effectiveness through metrics, phishing test results, and behavioral indicators.

  • Monitor and report on the enterprise security risk culture; identify gaps and recommend improvements to executive management and the Board.

  • Set control objectives and minimum technical standards for security architecture and tooling; review and challenge first-line technology selection, design, and deployment decisions for alignment with risk appetite.

  • Independently test and validate the design and operating effectiveness of key security controls operated by the first line; document findings and track remediation through closure.

  • Coordinate with first-line technology and business owners, Enterprise Risk Management, Compliance, Legal, and Internal Audit (3LOD) to ensure clear roles, avoid duplication, and maintain the independence of the second-line challenge function.

  • Engage with business and technology leaders to understand strategic initiatives, provide advisory input on emerging security risks, and assess whether first-line risk management is commensurate with the risks taken.

  • Produce independent reporting on the Bank’s security risk posture, control effectiveness, key risk indicators, and emerging threats for executive management, the Risk Committee, and the Board, with an unfiltered reporting line that does not require first-line approval.

  • Review first-line security metrics, key risk indicators (KRIs), and breach/event trends to form an independent view of risk position relative to appetite.

  • Develop and maintain business continuity and resiliency plans, conduct business impact analyses and continuity risk assessments, coordinate continuity testing, exercises, and corrective actions, maintain business continuity governance, reporting, and documentation, lead crisis response and recovery coordination during disruptions, partner with business units and vendors to strengthen operational resilience, monitor compliance with continuity policies and regulatory expectations, deliver business continuity training and awareness programs, report continuity risks and program performance to management, align business continuity, disaster recovery, and incident management activities.

Qualifications

  • Minimum of 10 years of experience in information security, technology risk, or operational risk management within the Financial Services sector, with at least 5 years in a second line of defense, risk oversight, or audit capacity.

  • Minimum of 5 years Mid to Large Bank experience, including direct interaction with regulators (OCC, FRB, FDIC, NYDFS, or state banking departments) and the Board or its Risk Committee.

  • Bachelor’s Degree preferred.

  • Expert knowledge of three-lines-of-defense risk governance, enterprise risk management frameworks, regulatory expectations (FFIEC IT Handbook, NIST CSF, NYDFS Part 500, GLBA, SR Letters), and the principles of independent challenge and effective challenge.

  • Strong analytical reasoning, problem solving and critical thinking skills.

  • Strong computer and organizational skills.

  • Strong oral and written presentation skills.

  • Ability to work independently with a multi-level team.

  • Ability to multi-task and meet deadlines.

  • Strong proficiency with Microsoft Office (Word, Excel, Outlook, etc.).

  • PREFERRED CERTIFICATIONS:

    • Current Certified Information Systems Security Professional (CISSP)

    • Current Certified in Risk and Information Systems Control (CRISC)

    • Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or equivalent risk/audit certification

Similar jobs

Director of Security

FluidstackNew York, NY· 3 wk ago
Management$300k–$400k/yrapply on jobs.ashbyhq.com

Director of Security

Sequoia LivingSan Francisco, CA· 1 wk ago
Information Technology$97k–$114k/yrapply on app.jobvite.com

Director of Security

Applied Research SolutionsBeavercreek, OH· 4 wk ago
Information Technologyapply on recruiting.ultipro.com

Director of Security

Lanteris Space SystemsPalo Alto, CA· 2 wk ago
Management$176k–$294k/yrapply on maxar.wd1.myworkdayjobs.com

Director of Security

Loews Hotels & CoTucson, AZ· 2 mo ago
Information Technologyapply on loewshotels.wd5.myworkdayjobs.com