Overview

At Texas Capital Bank, we are driven by a single-minded and unwavering mission: to serve business and the individuals who run them. We use a consultative approach and innovative technologies to develop new ideas that give the bank and our clients a competitive advantage. We partner with our customers to push the boundaries of what’s possible—together.Headquartered in Dallas, Texas Capital Bank has offices in Austin, Fort Worth, Houston, Richardson, Plano and San Antonio, and we serve clients in a variety of industries from coast-to-coast.

We are on the Forbes Best Banks in America list, and were named a top place to work by The Dallas Morning News, Houston Chronicle and San Antonio Express-News. For further information, please visit us at www.texascapitalbank.com.

The Information Security Cyber Assessment Team objective is to ensure that the Bank can effectively assess cyber threats and risks against the Bank. The primary role of the Information Security Manager, Cyber Assessment is to lead and develop cybersecurity program assessments of new and existing people, process, and technology for the Information Security Department. The work will include assisting the Information Security Cyber Assessment Sr. Manager with new and ongoing cybersecurity program assessments of divisions within the Information Security Department.

Responsibilities

• Lead & perform complex information security cybersecurity program assessments of current and prospective people, process, and technology divisions of the information security department to assess their control structure and alignment to regulatory, federal/state guidelines and information security bank requirements.
• Partner with internal business units and third parties to inventory all services, status, performance, and cyber risk assessments.
• Lead a cybersecurity program assessment in alignment with various cybersecurity and IT Risk frameworks (NIST, ISO, COBIT, CIS, etc).

• Coordinate and lead staff interviews, document analysis, requirements workshops, surveys, site visits, business process descriptions, business analysis and workflow analysis.
• Increase awareness, influence, and ensure consistent maturation of the security program.
• Develop KPI/KRI metrics for the Cybersecurity Assessment team.
• Maintain a very strong knowledge of the regulatory cyber risk requirements to ensure that each information security program meets those requirements. Must be able to competently interpret and apply the requirements independently to mitigate cyber risk to the Bank.
• Lead development of cyber risk assessment program
• Mentor, develop, and lead other analysts within the department on how to assess information security departments.

Qualifications

• Bachelor's Degree required in a related Information Technology or Computer Science discipline, or equivalent experience required.
• 3-7 years’ experience in a position in cyber risk management and/or adherence to regulatory requirements (e.g., PCI; FFIEC CAT; or GLBA) related to the financial services or other heavily regulated industry.

• Ability to set-up, facilitate and lead service improvement/’WorkOut’ sessions with a range of business stakeholders (incl. Experience of process/value stream mapping).
• Takes accountability for ideas from inception to delivery, in an environment that requires robust metrics to confirm success.
• Excellent verbal and written communication skills and the ability to interact professionally with a diverse group of partners, senior managers, and subject matter experts.
• Proven ability to manage positive relationships with all levels of management and affect key decisions and outcomes.
• Able to act independently and decisively when making decisions regarding both the technological and critical regulatory environment and daily business issues.
• Experience performing cyber risk reviews to assess security implications and requirements for introduction of new and existing people, process, and technology within the cybersecurity domain.
• Experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions.