VP, Information Security Architect

Job Locations: US-CA-Santa Ana
ID: 2024-3615
Category: Information Technology
Type: Regular Full-Time

Overview

Banc of California, Inc. (NYSE: BANC) is a bank holding company headquartered in Los Angeles with one wholly-owned banking subsidiary, Banc of California (the “bank”). Banc of California is one of the nation’s premier relationship-based business banks focused on providing banking and treasury management services to small-, middle-market, and venture-backed businesses. Banc of California offers a broad range of loan and deposit products and services through more than 70 full-service branches throughout California and in Denver, Colorado, and Durham, North Carolina, as well as full-stack payment processing solutions through its subsidiary, Deepstack Technologies. The bank is committed to its local communities by supporting organizations that provide financial literacy and job training, small business support, affordable housing, and more.

 

Job Summary

 

Responsible for the execution of the Information Security Architecture function, including collaborative support to Information Security Engineering in the development and assessment of security requirements; planning, implementing, and testing security systems; preparing security standards, policies, and procedures; and mentoring team members. Performs all duties in accordance with the Company’s policies and procedures and all U.S. state and federal laws and regulations wherein the Company operates.

 

Responsibilities

  • Define broad, thorough Information Security Architecture strategy and plans for on-premise and cloud technologies.
  • In collaboration with Information Security Engineering, support the design, build, implementation and support procedures for enterprise-class security systems.
  • Align organizational security strategy and infrastructure with overall business and technology strategy.
  • Identify and communicate current and emerging security threats.
  • Oversee the design and execution of security architecture elements to mitigate threats as they emerge.
  • Plan, research and design robust security architectures for any IT project.
  • Create solutions that balance business requirements with information and cybersecurity requirements.
  • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
  • Review and approve installation of firewall, VPN, routers, and other cybersecurity technologies.
  • Contribute to the team’s efforts to define, implement and maintain corporate security standards and procedures.
  • Assist as necessary and respond immediately to security-related incidents and provide thorough remedial solutions and analysis.
  • Regularly communicate vital information, security needs and priorities to upper management.
  • Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
  • Plans security systems by evaluating network and security technologies; developing requirements for security and network devices; including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
  • Prepares system security reports by collecting, analyzing, and summarizing data and trends.
  • Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
  • Enhances department and organization reputation by effectively and efficiently managing the Information Security Architecture processes, accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.
  • Conduct control and risk assessments of technical operating environments. Identify, document, and manage gaps related to security and compliance and other tasks to support ensuring Banc of California’s underlying data and information security processes, infrastructure and measures are fit for purpose and scaled to deliver an appropriate level of protection.
  • Identify gaps and weaknesses and make recommendations for additional processes, risks, and controls as well as enhancements to existing ones. Work with Information Technology to address recommendations and track progress.
  • Treats people with respect; keeps commitments; inspires the trust of others; works ethically and with integrity; upholds organizational values; accepts responsibility for own actions.
  • Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; educates others on the value of diversity; promotes working environment free of harassment of any type; builds a diverse workforce and supports affirmative action.
  • Follows policies and procedures; completes tasks correctly and on time; supports the company’s goals and values.
  • Performs the position safely, without endangering the health or safety of themselves or others, and will be expected to report potentially unsafe conditions. The employee shall comply with occupational safety and health standards and all rules, regulations and orders issued pursuant to the OSHA Act of 1970, which are applicable to one’s own actions and conduct.
  • Performs other duties and projects as assigned.

Banc of California is an equal opportunity employer committed to creating a diverse workforce. All qualified applicants will receive consideration for employment without regard to age (40 and over), ancestry, color, religious creed (including religious dress and grooming practices), denial of Family and Medical Care Leave, disability (mental and physical) including HIV and AIDS, marital status, medical condition (cancer and genetic characteristics), genetic information, military and veteran status, national origin (including language use restrictions), race, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), gender, gender identity, gender expression, and sexual orientation. If you require reasonable accommodation as part of the application process please contact Talent Acquisition Partner.

Qualifications

  • Utilizing emerging technologies to design and implement security solutions; monitoring and improving those solutions while working with an information security team.
  • Consulting and engineering in the design and development of security best practices; implementation of security measures to meet business goals, customer needs and regulatory requirements.
  • Security considerations of cloud computing, including data breaches, hacking, account hijacking, malicious insiders, third parties, zero-trust techniques, authentication, APTs, data loss and DoS attacks.
  • Identity and access management; tracking and creating/enforcing policies that govern access to sensitive technology resources and information assets.
  • Extensive experience in information security and/or IT risk management with a focus on security architecture & design, performance and reliability.
  • Solid understanding of security protocols, cryptography, authentication, authorization and security.
  • Good working knowledge of current IT risks and experience implementing security solutions.
  • Ability to interact with a broad cross-section of personnel to explain and enforce security measures.
  • Excellent written and verbal communication skills as well as business acumen and a commercial outlook.
  • Windows, VMWare, UNIX and Linux (physical & virtual) operating systems.
  • Thorough understanding of relevant industry security standards and protocols including ISO27001 and National Institute of Standards and Technology (NIST); Control Objectives for Information and Related Technologies (COBIT).
  • Router, switch and VLAN security; wireless security.
  • Risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies.
  • Outstanding communication skills; strong critical thinking and analytical skills.
  • Strong leadership, project and team-building skills, including the ability to lead teams and drive initiatives in multiple departments.
  • Demonstrated ability to identify risks associated with business processes, operations, technology projects and information security programs.
  • Ability to function as an enterprise security subject matter expert who can explain complex topics to those without a technical background.
  • Expertise in security measures such as firewalls, intrusion detection, and prevention systems (IDS/IPS), enhanced authentication techniques (zero-trust), network access controls, and network segmentation.
  • Third-party auditing skills and cloud risk assessment methodologies.
  • A degree in Information Technology, Computer Science or related field is highly desirable. Additional advanced security qualifications such as SABSA (Sherwood Applied Business Security Architecture) or CISSP (Certified Information Systems Security Professional) certifications are a plus.
  • 10+ years IT security or Information Security experience with a proven ability to engage with business units and technical peers.

Salary Range: $131,580.80 - 175,437.60 USD. Final salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with geographic/market data.
