Vice President of Risk - Insight Global
Alameda, CA 94501
About the Job
Insight Global is providing executive recruiting services for a client in the FinTech sector. This is a direct hire (FTE) position with the FinTech client, based out of the East San Francisco Bay Area.
SUMMARY:
Vice President, Information Security & Risk
(Direct Hire / Full-Time)
Insight Global is searching for a VP of Information Security Risk for our FinTech client located in the East Bay. This position will be mainly onsite full-time, leading a growing team and working hands-on in a new position dedicated to information technology risk. The VP will report to the Chief Risk Officer and regularly oversee cybersecurity incidents and recovery efforts. They will work as a senior VP in the risk organization, with most of their time aligned to the IT organization as its information security risk point of contact (POC).
The VP is responsible for developing and reviewing cybersecurity control frameworks, defining KRIs and metrics, creating risk assessments, and testing and reviewing conformance. The VP tracks the actions of the first line of defense and analyzes the impact of those actions to determine their effectiveness in mitigating cyber risks, ensuring that risks are actively monitored and appropriately managed in accordance with compliance and regulatory requirements.
RESPONSIBILITIES:
- Lead the technology risk strategy and provide guidance and requirements to technology partners to enable the achievement of technology and security risk objectives.
- Develop and maintain cybersecurity risk assessment framework and methodologies.
- Partner with first-line operational teams to provide guidance and oversight. Provide effective second-line challenge to technology risk owners, including third-party technology providers.
- Establish and enforce cybersecurity policies, standards, and guidelines in alignment with industry and regulatory standards and collaborate with first line of defense to ensure compliance and adherence to policies.
- Conduct independent audits of cybersecurity processes and controls.
- Develop key risk indicators, dashboards, and reports to measure and monitor risks and threats. Provide regular reporting to senior leadership, ARC committee, and board of directors on risk posture and control effectiveness.
- Provide independent oversight during cybersecurity incidents to ensure proper response and recovery measures.
- Oversee evaluations of third-party vendors to ensure practices align with organizational standards.
- Support risk training and education regarding the enterprise risk framework, working with other risk areas; assist with the development and rollout of content.
- Provide support and security-related information as needed to business unit stakeholders.
- Facilitate audits and examinations by regulatory agencies. Create risk mitigation plans for audit findings and track the plans to completion.
- Possess strong technical writing and verbal communication skills.
- Apply strong analytical skills and experience in creating an enterprise security strategy.
- Understand and comply with all applicable federal and state laws and banking regulations (including those related to OFAC and Bank Secrecy Act / Anti-Money Laundering compliance) and Patelco Credit Union's policies and procedures.
Qualifications
- B.S. Degree in Computer Science, Management Information Systems, or a related technical/business discipline is required.
- 15 years of progressively responsible experience in information security, or an equivalent combination of education and relevant experience.
- 7+ years of relevant experience in Technology Risk Management, IT Audit, or other similar risk consulting or internal control functions, with experience designing, implementing, and managing complex risk programs and leading team members and stakeholders in the continued use and management of such programs.
- Experienced in implementing compliance standards, privacy laws, and financial regulations within technology and business processes.
- Information security certification required: Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP).
- Extensive experience performing information security risk assessments, network penetration testing and vendor risk assessments.
- Strong experience in conducting vendor information security risk assessments.
- Extensive understanding of information security regulations and standards, including NCUA, GLBA, CCPA, PCI, FFIEC, and NIST 800 / ISO 27000.
- Working knowledge of National Credit Union Administration (NCUA) or equivalent regulations, California Credit Union Law and Rules and Regulations, and other applicable federal and state laws and regulations.
- Strong skills in network architecture design, network infrastructure technologies and network protocols.
- Ability to operate standard business machines such as computer, printer, and telephone systems.
- Travel is occasionally required to distant sites and conference locations nationwide.