Deputy CISO
Location US-CA-San Marino
Job ID 2020-8036
Position Type Full-Time
For more than 40 years, East West Bank has served as a pathway to success. With over 125 locations across the U.S. and Greater China, we are the premier financial bridge between the East and West. Our teams of experienced, multicultural professionals help guide businesses and community members on both sides of the Pacific looking to explore new markets and create new opportunities, and our sustained growth and expertise in industries like real estate, entertainment and media, private equity and venture capital, and high-tech help build sustainable businesses and expand our employees' potential for career advancement.
Headquartered in California, East West Bank (Nasdaq: EWBC) is a top performing commercial bank with an exclusive focus on the U.S. and Greater China markets. With assets of $44.2 billion, we've ranked among the 30 largest banks in the United States. And since 2010, we have been recognized by Forbes as one of the top 15 best banks in America. With a strong foundation, an enterprising spirit and a commitment to absolute integrity, East West Bank gives people the confidence to reach further.
The deputy chief information security officer (CISO) reports to the CISO and is responsible for day-to-day operations to support and augment the CISO’s overall responsibilities. The deputy CISO is an advanced role supporting the entire cybersecurity program. This individual provides leadership, executive support, strategic and tactical guidance, and complete execution for a world-class cybersecurity program supporting global enterprise security initiatives. As directed by the CISO, the deputy CISO supports and reports on strategic planning and execution of enterprise security systems, applications and operations. As a business enabler, the deputy CISO ensures business decisions are not obstructed by cybersecurity but instead are made using sound security principles and supporting corporate security policies and plans. The deputy CISO will lead an adaptable and secure business-supporting cybersecurity team, in addition to influencing and executing with technical team members such as software developers, system engineers, cybersecurity engineers and systems administrators.
The deputy CISO is expected to be skilled at effective communication and possess business acumen to align and work closely with business leaders. In addition to direct reports, the deputy CISO must be capable of working closely with C-level leadership, third parties, audit committees and occasionally boards. The deputy CISO must be personable and drive a synergistic team in which employees have a sustainable workload yet feel valued and challenged to achieve excellence. Recruiting, career development and retention are top personnel priorities falling under the purview of the deputy CISO. Preferably, the deputy CISO will have a technical background with the ability to comprehend technologies, their purpose, and their security requirements, wherever they and their data reside. The deputy CISO’s technical background should encompass understanding threats, risk mitigation and technical controls.
- Serve as the CISO representative when the CISO is not available, including making decisions usually made by the CISO.
- Act as a trusted point of contact for the chief information officer (CIO), chief technical officer (CTO), chief risk officer (CRO), security management and business units.
- Work closely with security leadership overseeing security operations, incident response, application security and infrastructure.
- Work closely with the Enterprise Business Continuity Office, Identity Access Management and IT Risk Management and Compliance teams.
- Be actively informed and engaged in daily security operations.
- Understand and be involved in disaster recovery and business continuity planning, testing and validation.
- Offer mentoring to security leadership as needed to support people-first leadership principles.
- Enforce a strong security culture set forth by the CISO, ensuring uniformity across security leadership, business units and employees.
- Foster strong relationships with internal business units and external entities to maintain a strong network.
- Require security leadership and teams to consistently learn and share advanced knowledge and practices that promote excellence.
- In tandem with the CISO, manage the security budget and additional fiduciary responsibilities.
- Advise on enterprise-wide people, process and technology security recommendations.
- Maintain an up-to-date level of knowledge relating to security threats, vulnerabilities and mitigations set forth to reduce the corporate attack surface.
- Ensure security projects are delivered on time and within budget.
- Implement a continuous vulnerability assessment and exposure analysis process and align technical teams to address a timeline for remediation and validation across applications and infrastructure.
- Sponsor vendor and technology solution selection, as well as third-party consulting services as needed.
- Require and support independent verification and validation testing of the company networks and data protection through internal team resources and independent consulting engagements.
- In conjunction with security leadership, define key performance indicators (KPIs) and metrics aligning with business initiatives and deliver to non-technical teams in terms that are readily comprehensible.
- Provide motivation to security teams and employees to maximize rigorous system security controls.
- Remove complexity and obstacles that hinder efficient security controls enterprise-wide.
- Build relationships with technical and compliance teams to deliver security-by-design controls that are incorporated into projects, architecture, infrastructure and applications.
- Work closely with operational risk, compliance, legal and audit teams.
- Stay abreast of new laws, regulations and standards, and assess their impacts to the business.
- Verify that security content training initiatives, as well as internal and external communications, are conducted regularly.
- Oversee testing and validation of security controls across projects.
- Perform other duties as assigned.
- At least 10+ years’ cybersecurity management experience with at least 8+ years in an operationally focused security practitioner role.
- At least 3 years’ experience working with business leadership and with some fiscal responsibilities.
- Strong written and verbal communication skills across all levels of the organization.
- Ability to effectively manage stress in a constantly changing environment.
- Driven to build a strong, cohesive team and positive enterprise-wide security culture.
- Proven high level of integrity, trustworthiness and confidence, as well as ability to represent the company and security leadership with the highest level of professionalism.
- Strategic vision and ability to influence others.
- Strong project management and organizational skills.
- Ability to work effectively with diverse teams and varying personalities, and adapt management style to effectively reach and develop the team.
- Ability to gain and preserve credibility with the team through sustained industry knowledge.
- Ability to motivate the team to achieve excellence, while giving credit and recognition where it is due.
- Applicable knowledge of the Federal Financial Institutions Examination Council's (FFIEC) IT Examination Handbook and the Cybersecurity Assessment Tool (CAT), EU’s General Data Protection Regulation (GDPR), National Institute of Technology (NIST) standards, California Consumer Privacy Act (CCPA), International Standards Organization (ISO) standards, Health Information Portability and Accountability Act (HIPAA), New York Department of Financial Services (NYDFS) regulations and frameworks, etc.
- Demonstrated understanding and comprehension of a wide range of cybersecurity solutions.
- Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
- Self-starter requiring minimal supervision.
- Excellence in communicating privacy, business risk and remediation requirements from assessments.
- Analytical and problem-solving mindset.
- Highly organized and efficient.
- Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.
- Master’s or other advanced degree (MBA, information assurance, computer science, etc.) preferred but not required.
- Bachelor's degree in business administration, information assurance or related technical field.
- 10+ years of related security systems administration.
- 8+ years of cybersecurity management experience.
- Preferable, but not required: CISSP, CISM, CRISC, CISA.
East West Bank is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other legally protected status. Reasonable accommodations for disability are provided to applicants and employees in accordance with applicable law.