POSITION PURPOSE

Information Security is essential to what we do, from protecting our customers to our associates to our intellectual property. The Chief Information Security Officer is accountable for leading our Information Security Team and overseeing the Information Security Program and its continued improvement.

The Chief Information Security Officer will enable the business in security and risk management and will (1) lead the team to manage exceptions, and document alignment of both requirement drivers and adherence monitoring processes related to policy; (2) work on the cutting edge of security and technology and address new risks; (3) collaborate and innovate with other groups within Prosperity Bank to continue to mature the Bank’s Information Security Program.

ESSENTIAL FUNCTIONS AND BASIC DUTIES

1. Leading and directing the Information Security organization
2. Establishing a strategy for ensuring the Bank’s security posture in alignment with corporate strategy and objectives
3. Coordinating security-related activities with key stakeholders, including Information Technology, Data Governance, and business functions
4. Aligning policies and procedures to laws, regulations, guidance, best practices, industry standards, and internal risk requirements.
5. Leading projects on security policy emphasizing the identification, understanding, and socialization of new risks
6. Measuring and reporting on the Bank’s cybersecurity position and level of compliance with stated security policy standards 
7. Approving and tracking security policy exceptions and tracking policy violations
8. Approving requests for changes in the Bank’s technology environment having a cybersecurity impact 
9. Defining and refining security policy requirements to address the risks presented by new and emerging technologies
10. Consulting on information security policy compliance for unique issues
11. Assessing and reporting to senior management and directors on information security risk across the enterprise
12. Overseeing the incident response plan and directing incident response activities
13. Remaining current on developments in the cyber-security industry including: security alerts, bugs, zero day issues, vulnerabilities, viruses and malware, and providing evaluation and recommendations depending on their potential impact
14. Managing the use and reporting of outputs of designated internal security systems
15. Directing security activities and assessments with key third party security partners and develop the responses, the remediation, and ongoing adherence from those reports
16. Establishing and maintaining the business plan and budget for program activities
17. Interacting with exam and audit personnel, responding to requests for information, and addressing noted findings
18. Working closely with the project management and vendor management teams in providing timely security reviews and assessments to potential technologies being considered by the organization
19. Providing security awareness training for the employees and Boards of Directors
20. Serving on various technology and risk committees
21. Other duties as assigned

The above statements describe the general nature and level of work only. They are not an exhaustive list of all required responsibilities, duties, and skills. Other duties may be added, or this job description amended at any time.

SUPERVISORY RESPONSIBILITIES:

• Lead and manage team through training, developing, and coaching associates on a consistent basis
• Encourage others to set challenging goals and high standards of performance 
• Inspire associates to define new opportunities and continuously improve the organization
• Celebrate and reward significant achievements of associates
• Present logical and persuasive case for proposals and positions
• Assist team in addressing their individual strengths and development needs

EDUCATION/CERTIFICATION: 
Bachelor’s degree in Computer Information Sciences, Information Technology, Engineering or a related technical field; orAssociates GSEC, SSCP, CISSP certification is preferred RSA Security Analytics – Preferred 

EXPERIENCE REQUIRED:
7 years of practical IS/IT work experience in financial services with direct knowledge surrounding enterprise security technologies such as SIEM, firewalls, VPN, IPS/IDS, content filters, AV, and similar
Experience utilizing common frameworks including FFIEC, NIST, ISO 5 years’ experience in a management capacity with experience working with business leaders in collaborating on technology and security items 5 years technical experience in skills including Vendor Management, Information Security, IS Program Management, and/or Security Vendor Management
Experience with managing small focused teams

KNOWLEDGE REQUIRED:
Knowledge of IS areas, such as authentication, encryption, logging, monitoring, vulnerability management and assessment 
Demonstrated ability to integrate business needs and exceptional customer service with that of maintaining a strong security framework

SKILLS/ABILITIES:
Excellent written and oral English communication and presentation skills
Ability to discuss security topics with non-technical audiences
Willingness to work beyond standard business hours when necessary
Ability to keep multiple concurrent tasks and projects moving forward
Possess strong analytical and troubleshooting skills.

Preferred additional skills
Technical experience with a minimum of four years’ experience in one or more of the following: computer network penetration testing and techniques; computer evidence seizure, computer forensic analysis, and data recovery; computer intrusion analysis and incident response; intrusion detection; computer network surveillance/monitoring; network protocols, network devices, multiple operating systems, and secure architectures.

Ability to obtain a security clearance. 

Applicable Certifications: CISSP, GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (CGIH), GIAC Certified Forensic Analyst (GCFA)