Banc of California

SVP, Security Risk and Assurance

Posted Yesterday
In-Office
2 Locations
145K-200K Annually
Senior level
Oversee information security initiatives, conduct risk assessments, manage compliance, and report to senior management on cybersecurity posture and threats.
The summary above was generated by AI

BANC OF CALIFORNIA AND YOUR CAREER

Banc of California, Inc. (NYSE: BANC) is a bank holding company headquartered in Los Angeles with one wholly-owned banking subsidiary, Banc of California (the “bank”). Banc of California is one of the nation’s premier relationship-based business banks focused on providing banking and treasury management services to small, middle-market, and venture-backed businesses. Banc of California offers a broad range of loan and deposit products and services, with full-service branches throughout California and Denver, Colorado, as well as full-stack payment processing solutions through BancEdge. The bank is committed to its local communities by supporting organizations that provide financial literacy and job training, small business support, affordable housing, and more. 

At Banc of California, our success is driven by our people, and we take pride in fostering an environment where everyone can reach their full potential. We embrace a culture of empowerment, progressive thinking, and entrepreneurial spirit, ensuring our team members have an opportunity to make an impact and play an important role in the future of Banc of California. Our core values – Entrepreneurialism, Operational Excellence, and Superior Analytics – empower us in creating a dynamic and inclusive workplace. We are committed to supporting your growth and well-being with comprehensive benefits, career development programs, a variety of employee resource groups, and more. TOGETHER WE WIN®

 

THE OPPORTUNITY

Responsible for overseeing all aspects of information security programs/projects, information security & technology risk assessments, vendor security reviews, and information security reporting. Performs all duties in accordance with the Company’s policies and procedures, all U.S. state and federal laws and regulations, wherein the Company operates.

 

HOW YOU’LL MAKE A DIFFERENCE

  • Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information security goals and objectives to reduce overall organizational risk. Forecast ongoing service demands and ensure that security assumptions are reviewed as necessary.  Advise senior management on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
  • Provide continuous monitoring of security landscape so that possible security threats are identified and actioned appropriately. Supervise or manage the governance, risk and compliance function for protective, preventative or corrective measures when a cybersecurity incident or vulnerability is discovered.
  • Collect and maintain data needed to meet system cybersecurity reporting. Advise senior management on risk levels and security posture. Advise appropriate senior leadership or of changes affecting the organization's cybersecurity posture.
  • Establish enterprise information security architecture (EISA) with the organization’s overall security strategy.  Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture. Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
  • Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection. Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.
  • Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate. Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
  • Work closely with client executives and management teams to understand their businesses and assist in identifying and managing financial and operational risks within their business systems to ensure technology risks are managed. Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s). Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
  • Review business processes and controls against industry frameworks, identifying gaps in design and execution, and communicating issues and recommendations to business clients.  Oversee the development of business continuity programs and the execution of internal control assessments in the areas of:
      • IT strategy and governance
      • IT operations, business continuity and disaster recovery
      • Cybersecurity
      • Third party risk
      • ITGC and application controls
      • SOC reporting
      • Regulatory and compliance requirements
  • Oversee information security risk assessments and track self-identified and Internal Audit findings to ensure that appropriate mitigation actions are taken. Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment. Ensure that security improvement actions are evaluated, validated, and implemented as required. Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
  • Treat people with respect; keep commitments; inspire the trust of others; work ethically and with integrity; uphold organizational values; accept responsibility for own actions.
  • Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; promotes working environment free of harassment of any type.
  • Follows policies and procedures; completes tasks correctly and on time; supports the company’s goals and values.
  • Performs the position safely, without endangering the health or safety of themselves or others, and will be expected to report potentially unsafe conditions. The employee shall comply with occupational safety and health standards and all rules, regulations and orders issued pursuant to the OSHA Act of 1970, which are applicable to one’s own actions and conduct.
  • Performs other duties and projects as assigned. 

 

WHAT YOU’LL BRING

  • 8 - 12 year(s) experience with IT audit or cybersecurity
  • 3+ year(s) experience with business continuity, disaster recovery
  • Bachelor’s degree in Computer Science, Information Systems, Cyber Security, or other quantitative fields
  • Prior banking and/or financial services background a plus.
  • CISA or CISSP Certification required.
  • Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Cybersecurity and privacy principles.
  • Information security program management and project management principles and techniques.
  • Risk management frameworks (RMF) and supporting processes.
  • Industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • Computer networking concepts and protocols, and network security methodologies.
  • Host/network access control mechanisms (e.g., access control list, capabilities lists).
  • Intrusion detection methodologies and techniques for host and network-based intrusions.
  • Cybersecurity and privacy principles related to the use, processing, storage, and transmission of information or data.
  • System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Incident response and handling methodologies.
  • Cyber threats and vulnerability information dissemination sources (e.g., alerts, advisories, bulletins).

 

HOW WE’LL SUPPORT YOU

  • Financial Security: You will be eligible to participate in a 401k plan in which the Bank will match 100% of the first 4% of your contributions, which is immediately vested.
  • Health & Well-Being: We offer comprehensive insurance options including medical, dental, vision, AD&D, supplemental life, long-term disability, pre-tax Health Savings Account with employer contributions, and pre-tax Flexible Spending Account (FSA).
  • Building & Supporting Your Family: Banc of California partners with providers that offer adoption, surrogacy, and fertility assistance as well as paid parental leave and family support solutions including care options for your family.
  • Paid Time Away: Eligible team members receive paid vacation days, holidays, and volunteer time off.
  • Career Growth Opportunities: To support career growth of our team members, we offer tuition reimbursement, an annual mentorship program, leadership development resources, access to LinkedIn Learning, and more.

 

SALARY RANGE

The full-time base salary range for this position is $145,000.00 - $200,000.00 USD a year. The base salary ultimately offered is determined through a review of education, industry experience, training, knowledge, skills, abilities of the applicant in alignment with market data and other factors.

Banc of California is an equal opportunity employer committed to creating a diverse workforce. All qualified applicants will receive consideration for employment without regard to their actual or perceived race (including traits associated with race, such as hair texture, hair type or protective hairstyles), religion or religious creed (including religious dress and grooming practices), color, sex (including pregnancy, childbirth, breastfeeding and related medical conditions), sexual orientation, gender, gender identity, gender expression, gender transitioning, citizenship status, national origin, ancestry, age, marital status, military or veteran status, medical condition, genetic information, or disability (mental or physical), requests for accommodation and any additional protected categories set forth in applicable federal, state or local laws. If you require reasonable accommodation as part of the application process, please contact Talent Acquisition.

Top Skills

CISA
CISSP
Cybersecurity Principles
Project Management
Risk Management Frameworks
