Job Description - VP, Deputy Information Security Officer (DISO)
VP, Deputy Information Security Officer (DISO) - 20000140

Description

Banc of California, Inc. (NYSE: BANC) is a bank holding company with approximately $9 billion in assets and one wholly-owned banking subsidiary, Banc of California, N.A. (the “Bank”). With our 700+ dedicated professionals, we provide customized and innovative banking and lending solutions to businesses, entrepreneurs and individuals throughout California. We proudly partner with community organizations that provide financial literacy, job training, small business support, and affordable housing to help improve the communities where we live and work. With a commitment to service and building enduring relationships, we provide a higher standard of banking.

JOB SUMMARY:

Responsible for overseeing all aspects of information security operations, information security programs/projects, information security and technology risk assessments, vendor security reviews, and information security reporting. Performs all duties in accordance with the company’s policies and procedures and with all applicable U.S. state and federal laws and regulations wherever the company operates.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information security goals and objectives and to reduce overall organizational risk.
Forecast ongoing service demands and ensure that security assumptions are reviewed as necessary.
Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
Recognize a possible security violation and take appropriate action to initiate the appropriate incident response plan.
Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
Collect and maintain data needed to meet system cybersecurity reporting.
Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture.
Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
Establish enterprise information security architecture (EISA) with the organization’s overall security strategy.
Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture.
Evaluate and approve development efforts to ensure that baseline security safeguards are
Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection.
Manage threat or target analysis of cyber defense information and production of threat information within the
Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate.
Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure
Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network
Oversee information security risk assessments and track self-identified and Internal Audit findings to ensure that appropriate mitigation actions are taken.
Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
Ensure that security improvement actions are evaluated, validated, and implemented as required.
Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits,
Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.
Treats people with respect; keeps commitments; inspires the trust of others; works ethically and with integrity; upholds organizational values; accepts responsibility for own actions.
Follows policies and procedures; completes tasks correctly and on time; supports the company’s goals and values.
Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; educates others on the value of diversity; promotes a working environment free of harassment of any type; builds a diverse workforce and supports
Performs the position safely, without endangering the health or safety of themselves or others, and will be expected to report potentially unsafe conditions. The employee shall comply with occupational safety and health standards and all rules, regulations and orders issued pursuant to the OSHA Act of 1970 which are applicable to one’s own actions and conduct.
Performs other duties and projects as assigned.

Banc of California is an equal opportunity employer committed to creating a diverse workforce. All qualified applicants will receive consideration for employment without regard to age (40 and over), ancestry, color, religious creed (including religious dress and grooming practices), denial of Family and Medical Care Leave, disability (mental and physical) including HIV and AIDS, marital status, medical condition (cancer and genetic characteristics), genetic information, military and veteran status, national origin (including language use restrictions), race, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), gender, gender identity, gender expression, and sexual orientation.

ESSENTIAL KNOWLEDGE, SKILLS, AND ABILITIES:

Laws, regulations, policies, and ethics as they relate to cybersecurity and
Cybersecurity and privacy principles.
Information security program management and project management principles and techniques.
Risk management frameworks (RMF) and supporting processes.
Industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
Supply Chain Risk Management Practices (NIST SP 800-161).
Computer networking concepts and protocols, and network security.
Host/network access control mechanisms (e.g., access control lists, capabilities lists).
Intrusion detection methodologies and techniques for host and
Cybersecurity and privacy principles related to the use, processing, storage, and transmission of information or data.
System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Incident response and handling methodologies.
Cyber threats and vulnerability information dissemination sources (e.g., alerts, advisories, bulletins).

EDUCATION, EXPERIENCE AND/OR LICENSES:

Bachelor’s degree in Computer Science, Information Systems, Cyber Security, or other quantitative fields and 7+ years of related experience
Prior banking and/or financial services background a plus.