National Trust Bank, Chief Information Security Officer

Company Overview

With 80,000 customers across 150 countries, UKG is the largest U.S.-based private software company in the world. And we're only getting started. Ready to bring your bold ideas and collaborative mindset to an organization that still has so much more to build and achieve? Read on.

At UKG, you get more than just a job. You get to work with purpose. Our team of U Krewers are on a mission to inspire every organization to become a great place to work through our award-winning HR technology built for all.

Here, we know that you're more than your work. That's why our benefits help you thrive personally and professionally, from wellness programs and tuition reimbursement to U Choose - a customizable expense reimbursement program that can be used for more than 200+ needs that best suit you and your family, from student loan repayment, to childcare, to pet insurance. Our inclusive culture, active and engaged employee resource groups, and caring leaders value every voice and support you in doing the best work of your career. If you're passionate about our purpose - people -then we can't wait to support whatever gives you purpose. We're united by purpose, inspired by you.

About the Role:

The CISO will be responsible for shaping and executing the Executive Management team's vision for Information Security for the organization's banking sector. The ideal candidate will successfully interface and coordinate with the UKG IT and Info Sec teams, develop information security related polices, manage vendor relationships, develop training plans, complete and update risk assessments annually, and be a contributor for IT and Cyber related audits and OCC examinations.

Your Responsibilities:

• Leading the development and implementation of the UKG National Trust Bank information security strategy to align with our affiliate relationship with UKG and FFIEC regulatory requirements.
• Overseeing the protection of company data, intellectual property, and technology assets from cyber threats.
• Developing, updating, and enforcing security policies, procedures, and protocols that align with business goals and banking regulation requirements.
• Identifying and mitigating security risks to ensure the organization remains resilient against emerging threats.
• Managing security related audits, including an annual independent review, compliance assessments, incident response processes, and investigating security breaches.
• Collaborating with UKG operational teams (IT and Infosec) to integrate cyber security measures into the company's IT, Security, and business operations.

• Develop, update, implement, and maintain a comprehensive security program that includes cyber defense, data protection, and ongoing cyber security operations. The program will be in accordance with UKG policies and procedures in place but tailored to the banking requirements.
• Conduct regular risk assessments, identify vulnerabilities, and prioritize remediation efforts to reduce risk exposure.
• Coordinate with UKG IT and IS teams as needed for planning and day-to-day functions.
• Oversee security incident detection, response, and recovery, ensuring proper mitigation of potential breaches for the UKG NTB.
• Coordinate with UKG to ensure the security architecture, tools, and technologies deployed across the organization's IT infrastructure are actively monitored.
• Develop cybersecurity and privacy training program for employees, executive management and the board of directors.
• Coordinate with legal, compliance, and regulatory teams to ensure compliance with various banking related regulations (GLBA for example).
• Monitor security metrics and report on the organization's security posture to executive leadership.
• Plan and oversee Business Continuity and Disaster Recovery related tests including tabletop exercises.
• Stay updated on cybersecurity trends, technologies, and best practices to enhance security measures proactively.
• Lead Information Security management committee whose responsibility will be to oversee all bank related Cybersecurity. Examples include creating and monitoring KRIs, and monitoring audit and regulatory issues, etc.
• Develop and oversee Third-Party Vendor management policy and program, in collaboration with the Chief Risk and Compliance Officer, including performing vendor reviews as prescribed.
• Manage IT and IS related projects.

• 15+ years of demonstrable experience in Information Security, Information technology, Audit, or in a similar senior-level cybersecurity role (preferable in Banking). A combination of education and experience will be considered.
• Knowledge of information security principles, cybersecurity frameworks (e.g., NIST, ISO/ISE 27001), risk management, and project management practices.
• Working knowledge of security auditing, vulnerability assessments, and risk mitigation.
• Experience with security technologies such as firewalls, intrusion detection systems, SIEMs, and encryption protocols.
• Solid knowledge of data privacy regulations, banking compliance, and Federal Financial Institutions Examination Council (FFIEC) requirements.
• Ability to develop and implement security strategies.
• Strong leadership and communication skills, with the ability to influence decision-making at the executive level.
• Strong analytical and problem-solving skills with a keen eye for identifying potential risks and vulnerabilities.

• Relevant technology related certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Project Management Professional (PMP)
• Experience with cloud security and securing cloud infrastructure.
• Familiarity with incident management and disaster recovery planning.
• Background in regulatory compliance and privacy laws in the banking sector.
• Hands-on experience with SIEM tools, firewalls, and intrusion detection systems.

• 15+ years of demonstrable experience in Information Security, Information technology, Audit, or in a similar senior-level cybersecurity role.