As a leading regional bank, SouthState has been providing financial solutions to individuals, families, and businesses in the Southeast for more than 100 years. SouthState team members strive to create remarkable experiences while building meaningful and lasting relationships. We are proud to be a reflection of the communities we serve, and our team members share core values that make SouthState a great place to bank, and a great place to work.
SUMMARY/OBJECTIVES
It is the responsibility of the Director of Cyber Security Risk and Compliance to take ownership of all tasks and challenges that they encounter in the operation of their assigned position. The primary purpose of this role is to serve as a senior risk management, governance and compliance leader within the SouthState Bank's Information Security team. This includes responsibility for developing and executing risk and governance strategies and plans for the enterprise cyber security program. This individual should be an accomplished risk manager comfortable leading by the influence model, working across teams to develop enterprise level policies, standards, and programs. This role oversees governance activities including planning, strategy, and program execution. In addition, this role provides critical governance and risk input into the long-term strategy for technology security across all domains and platforms. The individual in this role provides direction and people leadership for the Risk, Compliance, and IAM Governance functions. Additional responsibilities will include development of department level budgets, planning, forecasting, and FTE development.
ESSENTIAL FUNCTIONS
• Works closely with the Chief Information Security Officer (CISO), IT, and Business Executives, and risk partners to create and manage the Cyber Risk Management Program. This includes processes to identify governance, manage and report risk in a clear and quantitative format, budgets and services that directly enable business and technology goals.
• Develops and uses predictive analytics to better predict risks to the company and equip other teams within the group to create appropriate countermeasures, either by way of process, governance, or technology.
• Develop a control testing program and oversee risk assessments in alignment with Enterprise risk assessment taxonomy and methodologies.
• Maintain an Information Security controls framework that defines the risk vision for the company and how the effectiveness of the security program will be measured in relation to established standards.
• Provides expertise and guides the administration of security tools to ensure they are addressing the governance, risk, and compliance aspects.
• Maintains a solid security awareness program which ensures team members are well educated in common cyber security best practices and are equipped to safeguard the information assets of the company.
• Maintains a compliance function that partners with stakeholders to ensure they understand and are successful in establishing processes, technologies or governance structures that will create systems that are compliant to external regulations such as SOX, PCI, etc. as well as internal controls established by the ERM group.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
COMPETENCIES
• Information Security Governance experience in the Banking or Financial Services
• Experience in a PCI/Retail technology environment
• Experience in managing Archer (GRC Systems) preferred but not required
• Experience leading global teams
• Experience with process management methodologies such as ITIL Delivery methodologies (Agile and Scrum)
• Broad knowledge of infrastructure (network and servers), network architecture, services and security policies
• Strong verbal and written communication skills
• Familiarity with multi-platform technology environments and their operational/security considerations
• Strong project management skills, with experience in managing resources to meet goals on simultaneous/multiple projects
Qualifications, Education, and Certification Requirements
TRAINING REQUIREMENTS/CLASSES
Required annual compliance training, New Employee Orientation
PHYSICAL DEMANDS
Must be able to effectively access and interpret information on computer screens, documents, and reports. This position requires a large amount of time in front of a computer. This can be done sitting or standing with use of the right desk. This position may require bending and reaching. Must be able to sit for long periods, often several hours at a time. Minimal lifting is required. Will require long periods of time reviewing information on a computer screen.
WORK ENVIRONMENT
This position is located in a private office or hybrid from a secured home office.
Benefits: Benefits | SouthState Careers (southstatebank.com)
Job Details:
In accordance with Colorado law: Colorado pay for this position is anticipated to be between $141,000 and $200,000, with actual offers to be determined based on the applicant's skills, experience and education.
While the anticipated deadline for the job posting is November 29, 2024, we encourage you to submit your application as we may still consider qualified candidates beyond this date.