SouthState Bank

Director of Cyber Security Risk & Compliance

SouthState Bank, Winter Haven, FL


As a leading regional bank, SouthState has been providing financial solutions to individuals, families, and businesses in the Southeast for more than 100 years. SouthState team members strive to create remarkable experiences while building meaningful and lasting relationships. We are proud to be a reflection of the communities we serve, and our team members share core values that make SouthState a great place to bank, and a great place to work.

SUMMARY/OBJECTIVES

It is the responsibility of the Director of Cyber Security Risk and Compliance to take ownership of all tasks and challenges that they encounter in the operation of their assigned position. The primary purpose of this role is to serve as a senior risk management, governance and compliance leader within SouthState Bank's Information Security team. This includes responsibility for developing and executing risk and governance strategies and plans for the enterprise cyber security program. This individual should be an accomplished risk manager comfortable leading by the influence model, working across teams to develop enterprise-level policies, standards, and programs. This role oversees governance activities including planning, strategy, and program execution. In addition, this role provides critical governance and risk input into the long-term strategy for technology security across all domains and platforms. The individual in this role provides direction and people leadership for the Risk, Compliance, and IAM Governance functions. Additional responsibilities will include development of department-level budgets, planning, forecasting, and FTE development.

ESSENTIAL FUNCTIONS

• Works closely with the Chief Information Security Officer (CISO), IT and Business Executives, and risk partners to create and manage the Cyber Risk Management Program. This includes processes to identify governance, manage and report risk in a clear and quantitative format, budgets and services that directly enable business and technology goals.
• Develops and uses predictive analytics to better predict risks to the company and equip other teams within the group to create appropriate countermeasures, either by way of process, governance, or technology.
• Develop a control testing program and oversee risk assessments in alignment with Enterprise risk assessment taxonomy and methodologies.
• Maintain an Information Security controls framework that defines the risk vision for the company and how the effectiveness of the security program will be measured in relation to established standards.
• Provides expertise and guides the administration of security tools to ensure they are addressing the governance, risk, and compliance aspects.
• Maintains a solid security awareness program which ensures team members are well educated in common cyber security best practices and are equipped to safeguard the information assets of the company.
• Maintains a compliance function that partners with stakeholders to ensure they understand and are successful in establishing processes, technologies or governance structures that will create systems that are compliant with external regulations such as SOX, PCI, etc. as well as internal controls established by the ERM group.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

COMPETENCIES
• Information Security Governance experience in Banking or Financial Services
• Experience in a PCI/Retail technology environment
• Experience in managing Archer (GRC Systems) preferred but not required
• In-depth understanding of control testing program development, risk assessment methodologies, and related frameworks
• Experience leading global teams
• Experience with process management methodologies such as ITIL and delivery methodologies (Agile and Scrum)
• Broad knowledge of infrastructure (network and servers), network architecture, services and security policies
• Strong verbal and written communication skills
• Familiarity with multi-platform technology environments and their operational/security considerations
• Strong project management skills, with experience in managing resources to meet goals on simultaneous/multiple projects

Qualifications, Education, and Certification Requirements
• Education: Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field
• Experience: 10 Years in a Senior Leadership role; 12 years of experience in combination of risk management, security, compliance and Information Technology
• Certifications/Specific Knowledge: Relevant information security and risk certifications (e.g., CGRC, CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPEN)

TRAINING REQUIREMENTS/CLASSES

Required annual compliance training, New Employee Orientation

PHYSICAL DEMANDS

Must be able to effectively access and interpret information on computer screens, documents, and reports. This position requires a large amount of time in front of a computer. This can be done sitting or standing with use of the right desk. This position may require bending and reaching. Must be able to sit for long periods, often several hours at a time. Minimal lifting is required. Will require long periods of time reviewing information on a computer screen.

WORK ENVIRONMENT

This position is located in a private office or hybrid from a secured home office.