The VP, Security Engineering is an advanced technical security leadership role that will drive the rapid innovation and enhancement of security throughout the enterprise, blending technical expertise and operational excellence. This role will foster the collaboration between business units and Technology functional teams to ensure security is an operational enabler rather than perceived as a roadblock to innovation. This role will foster collaboration, accountability and embed security into the core of our operations and digital transformation efforts to reduce risk and vulnerability and ensure our security architecture is progressive and adaptive. This role will report to the Chief Information Security Officer.
Responsibilities:
Lead Security Architecture and Engineering - Design, implement, and maintain a robust cybersecurity architecture aligned with Cenlar's goals, ensuring resilience against emerging threats.
Oversee Security Operations - Oversee the day-to-day operations of security engineering teams, including maturity, monitoring, incident response, vulnerability management, and threat detection.
Develop and Enforce Security Policies - Create and implement security policies, standards, and procedures to ensure compliance with industry regulations such as FFIEC, GLBA, and other applicable standards.
Collaborate on Risk Management - Work closely with Enterprise Risk Management and Compliance teams to identify, assess, and mitigate cybersecurity risks across Cenlar's systems and networks.
Drive Innovation in Cybersecurity - Stay abreast of emerging technologies and security threats, leading efforts to adopt cutting-edge security tools and methodologies that enhance the bank's security posture.
Innovate on Security Tools and Platforms - Oversee the evaluation, selection, and implementation of security technologies such as cyber risk quantification platforms, firewalls, SIEM systems, intrusion detection systems (IDS), and encryption tools.
Cybersecurity Incident Response Orchestration - Serve as the escalation point for major cybersecurity incidents, coordinating response efforts, assisting with eradication, conducting post-incident reviews, and implementing lessons learned.
Foster cross-departmental collaboration with business units and Technology functional teams
Work closely with Technology, application development, and business teams to ensure security is embedded throughout the organization's operations and technology lifecycle.
Ensure the bank's security practices comply with U.S. regulations (e.g., FFIEC, SOC, NIST, CIS) and support external audits, regulatory reviews, and examinations.
Leads effective performance management and professional talent development across respective departments
Appropriately assess risk when business decisions are made, including but not limited to compliance and operational risk. Demonstrate consideration for Cenlar's reputation as well as our clients, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.
Ensure all activities are in accordance with Cenlar's approved risk appetite statement and applicable compliance and regulatory requirements.
Qualifications:
Bachelor's degree in computer science, cybersecurity, software security engineering or equivalent work experience
Master's degree in computer science, cybersecurity, or software security engineering a preferred
12+ years of experience in information security including previous experience managing multiple departments and in product-focused roles
Strong ability and emphasis on executive presence and communication with leadership and be a bridge from cybersecurity to the business units
Strong problem solving and analytical skills to come up with a mutually acceptable solutions utilizing available resources with diverse perspectives
Knowledge of emerging technological trends and developments in the area of information and cyber security and risk management
Professional information security certifications (e.g Certified Information Security Manager - CISM, Certified Information Systems Security Professional - CISSP, Certified in Risk and Information Systems Control - CRISC) preferred
Experience with ISO/IEC 27001 ISO/IEC 27002, NIST, PCI DSS, GLBA, FFIEC IT Examination Handbook and other pertinent compliance regulations and/or guidance preferred
Demonstrated experience in a variety of the field's concepts, practices, procedures, policy, security technologies, standards, and networking and application architectures
Must have comprehensive knowledge of government and regulatory agencies policies/procedures/guidance from a security and audit perspective
Experience with current security technologies that span the NIST Cybersecurity Framework (NIST CSF)
Broad banking and/or mortgage servicing understanding and knowledge to inform the security approaches that will support the operational processes preferred
Strong leadership skills to inspire outstanding performance through collaboration
Strong customer service skills to effectively execute the strategic goals and mission of Cenlar, while demonstrating Key Success Factors
Effective listening, communication, and presentation skills to present complex topics to senior management in a persuasive manner
Excellent coaching and counseling skills
Excellent organizational skills and ability to multitask to manage multiple large-scale complex projects enterprise-wide
Proven people, strategic and tactical leader
Resourceful and aggressive ability to research all facets of the industry
Ability to plan strategically as it relates to business unit responsibilities
Ability to conceptualize long-term business goals and develop orderly process of planning to accomplish goals
