VP of Information Security Risk Officer (ISRO)

Responsibilities of the VP, Information Security Risk Officer:
Strategic Leadership and Technology Vision:

Lead the IT Steering Committee, conducting quarterly meetings and serving as a voting member
Maintain oversight of the MSP relationship (Integris) and the information security program
Partner with leadership to align technology with business goals, oversee enterprise infrastructure and information security, and drive innovation to enhance client and employee experience
Oversee the IT Officer, fostering a culture of accountability, innovation, and continuous learning
Present technology strategy and risk updates to the board and leadership as needed
Develop and lead staff technology and information security training
Lead the cross-functional business continuity team through disasters and other incidents
Lead the key vendor review process, including due diligence and contract renewals
Proactively assess new company initiatives and provide guidance on inherent security risks

Policy Development and Maintenance:

Author, maintain, and version-control all enterprise IT policies and procedures
Review, update, and present information security and business continuity plans
Develop a formal policy review calendar and lead all reviews of technology governance documents
Create and maintain IT operational procedures, standards, and control documentation
Translate regulatory guidance, examination findings, and industry frameworks (NIST, FFIEC, ISO 27001, GLBA, SOC 2) into actionable internal policy requirements
Update and document processes using flowcharts, narratives, and risk and control matrices
Regulatory Compliance, Risk Management, and Audit Coordination
Serve as the primary point of contact for all IT-related regulatory examinations, internal and external audits, and manage responses, tracking all findings to resolution
Stay current on cybersecurity standards, including NIST CSF updates, FFIEC guidance, and relevant CISA advisories
Monitor evolving federal and state banking regulations (GLBA, FFIEC IT Examination Handbook, Texas Department of Banking, etc.) and communicate changes
Ensure timely updates to internal policies and procedures in response to regulatory guidance
Design and test IT general controls and ensure proper documentation for SOC reports and other attestation requirements
Coordinate periodic testing, including user access, clean desk, disaster recovery, and incident response
Understand and comply with the Bank Secrecy Act and Know Your Customer procedures
Develop and maintain knowledge of fiduciary tax laws and the Texas Trust Code

Qualifications of the VP, Information Security Risk Officer:

10 years of experience in information security risk management, compliance, or IT leadership within financial services or banking
Bachelor s degree in Management Information Systems, Computer Science, Cybersecurity, Business Administration, or related field preferred
Knowledge of FFIEC with CCISO, CISM, or CISSP designations preferred
Willingness to learn GWES trust accounting system and other firm technologies
Proficiency in Microsoft Office products including Word, Excel, and Outlook
Self-starter with strong initiative, sound judgment, and problem-solving skills
Team-oriented with a positive attitude and collaborative mindset
Discreet and reliable, with the ability to handle highly confidential financial and personal information