VP, INFORMATION SECURITY RISK OFFICER

This role carries accountability for the organization’s technology roadmap, vendor ecosystem, cybersecurity posture, IT compliance, and digital transformation initiatives. Serving as the subject matter expert on regulatory technology requirements, the Information Security Risk Officer is also responsible for technology policies and procedures and acts as the primary contact for IT and Information Security exams and audits.

Responsibilities of the VP, Information Security Risk Officer:

Strategic Leadership and Technology Vision

• Lead the IT Steering Committee, conducting quarterly meetings and serving as a voting member

• Maintain oversight of the MSP relationship (Integris) and the information security program

• Partner with leadership to align technology with business goals, oversee enterprise infrastructure and information security, and drive innovation to enhance client and employee experience

• Oversee the IT Officer, fostering a culture of accountability, innovation, and continuous learning

• Present technology strategy and risk updates to the board and leadership as needed

• Develop and lead staff technology and information security training

• Lead the cross-functional business continuity team through disasters and other incidents

• Lead the key vendor review process, including due diligence and contract renewals

• Proactively assess new company initiatives and provide guidance on inherent security risks

Policy Development and Maintenance

• Author, maintain, and version-control all enterprise IT policies and procedures

• Review, update, and present information security and business continuity plans

• Develop a formal policy review calendar and lead all reviews of technology governance documents

• Create and maintain IT operational procedures, standards, and control documentation

• Translate regulatory guidance, examination findings, and industry frameworks (NIST, FFIEC, ISO 27001, GLBA, SOC 2) into actionable internal policy requirements

• Update and document processes using flowcharts, narratives, and risk and control matrices

Regulatory Compliance, Risk Management, and Audit Coordination

• Serve as the primary point of contact for all IT-related regulatory examinations, internal and external audits, and manage responses, tracking all findings to resolution

• Stay current on cybersecurity standards, including NIST CSF updates, FFIEC guidance, and relevant CISA advisories

• Monitor evolving federal and state banking regulations (GLBA, FFIEC IT Examination Handbook, Texas Department of Banking, etc.) and communicate changes

Qualifications of the VP, Information Security Risk Officer:

• 10 years of experience in information security risk management, compliance, or IT leadership within financial services or banking

• Bachelor’s degree in Management Information Systems, Computer Science, Cybersecurity, Business Administration, or related field preferred

• Knowledge of FFIEC with CCISO, CISM, or CISSP designations preferred

• Willingness to learn GWES trust accounting system and other firm technologies

What Our Client Offers

• Competitive Compensation including a discretionary annual bonus based on individual and company performance
• Long-Term Incentives through employee tracking stock grants that vest over five years, with dividend participation during the vesting period
• Comprehensive Benefits Package covering medical, dental, and vision insurance, with a significant portion of premiums paid by the company
• 401(k) Retirement Plan with company contributions based on total cash compensation after one year of service
• Generous Paid Time Off to support work-life balance
• Income Protection & Security including company-sponsored long-term disability and life insurance
• Onsite Perks such as free parking and access to a fully equipped fitness center, with optional training sessions during the work week
• Collaborative Culture offering the opportunity to work with a highly respected organization known for its long-tenured team, strong values, and commitment to professional growth