Chief Information Security Officer

The Chief Information Security Officer (CISO) is a senior executive responsible for establishing, governing, and continuously enhancing the Bank's enterprisewide information security and cyber risk management program. The CISO serves as a strategic advisor to the Chief Operating Officer, executive management, and the Board of Directors on cyber risk, ensuring that information security capabilities appropriately balance regulatory expectations, risk appetite, business growth, operational resilience, and customer experience.

While reporting administratively to the Chief Operating Officer, the CISO maintains independent authority to assess, challenge, escalate, and report cybersecurity risks directly to executive management, the Enterprise Risk Committee, and the Board of Directors. The CISO provides independent oversight of information security risks across the Bank, including technology, data, thirdparty relationships, and emerging digital initiatives, while ensuring compliance with applicable laws, regulations, and regulatory guidance.

This role is accountable for safeguarding the confidentiality, integrity, and availability of the Bank's information assets and for maintaining a resilient security posture in an evolving threat landscape. This accountability includes oversight of emerging technology risks, including artificial intelligence (AI), machine learning, and automated decisionmaking systems, as they relate to cybersecurity, data protection, thirdparty risk, and regulatory compliance.

What You'll Do:

Enterprise Cybersecurity Strategy & Governance

Define and execute a risk based information security strategy aligned with the Bank's business objectives, digital initiatives, and regulatory requirements.
• Establish and maintain the Bank's Information Security Program, including policies, standards, procedures, and governance frameworks.
• Partner closely with the Chief Operating Officer and Enterprise Risk Management to integrate cybersecurity risk management into core operational processes and the Bank's overall risk management framework.
• Provide independent challenge and credible oversight of technology and business initiatives from a cybersecurity risk perspective.
  
  

Board and Executive Engagement

• Serve as the primary executive responsible for communicating cybersecurity risks, trends, and overall security posture to senior management, the Enterprise Risk Committee, and the Board of Directors.
• Maintain direct and unrestricted access to the Board of Directors and its committees on cybersecurity and information security risk matters.
• Develop and present clear, actionable cyber risk metrics, key risk indicators (KRIs), and maturity assessments to support informed decision making.
• Advise executive leadership on material cybersecurity risks, risk trade offs, and mitigation strategies.
  
  

Regulatory, Audit & Examiner Management

• Ensure compliance with GLBA, applicable privacy and cybersecurity regulations, and regulatory guidance.
• Own and manage the enterprise wide GLBA Risk Assessment and other cybersecurity risk assessments.
• Act as the primary point of contact for regulators, internal audit, and external auditors on information security matters, including the timely remediation of findings and issues.
• Regulatory updates to the OCC and FDIC must demonstrate Information Security program governance effectiveness, risk awareness, control maturity, incident readiness, and board oversight.
  
  

Incident Response, Escalation & Operational Resilience

• Maintain executive oversight of the Bank's cybersecurity incident response and crisis management framework.
• Has authority to escalate, contain, suspend, or recommend cessation of systems, vendors, or business processes during cybersecurity incidents where material risk to the Bank exists, with direct escalation to the COO, CEO, and Board as appropriate.
• Lead or direct response efforts for significant security incidents, including investigation, coordination with Legal, Compliance, ERM, Operations, and external parties as required.
• Partner with the COO to integrate cybersecurity risk into operational resilience, business continuity, and disaster recovery strategies.
  
  

Technology, Data & Cloud Security Oversight

• Provide governance and oversight for security architecture across on premise, cloud, SaaS, and hybrid environments.
• Establish data classification, protection, and encryption standards to safeguard sensitive, confidential, and customer information.
• Oversee identity and access management governance, including privileged access controls and authentication standards.
  
  

Third Party & Vendor Cyber Risk

• Own the Bank's third party and vendor cybersecurity risk management framework in coordination with Third Party Risk Management, Operations, and Procurement.
• Ensure cybersecurity risk is assessed, monitored, and managed throughout the vendor lifecycle, including fintech partners, cloud providers, AI enabled solutions, and other critical service providers.
  
  

Security Awareness & Risk Culture

• Establish and maintain a comprehensive security awareness and education program that promotes a strong, enterprise wide risk aware culture.
• Champion accountability for cybersecurity responsibilities at all levels of the organization.
  
  

Leadership & Talent Development

• Lead, develop, and retain a high performing information security organization.
• Set clear goals, performance expectations, and development plans for direct reports.
• Foster a culture of integrity, accountability, collaboration, and continuous improvement
  
  

• Minimum 10 years of working experience with information security, audit, compliance and/or related knowledge preferably in banking or a highly regulated industry.
• CISO designation and associated certifications e.g. CISSP, CISM, CISA, at a prior financial institution of similar scope and scale.
• 10+ years of managerial experience in information security.
• Proven experience in disaster recovery planning, risk assessment, and policy writing.
• Enterprise level experience including managing and successfully delivering cross functional initiatives.
• Experience in leading projects and multi-tasking with diverse groups and locations.
• Advanced knowledge of applicable US laws and regulations as they relate to Information Security and the effective management of Information Security Risks. Ability to understand new laws and regulatory requirements and how they relate to security and compliance and present the overall risk to the Bank.
• Demonstrable experience in implementing strategic plans and managing an information security program.
• Exceptional and proven leadership capabilities - communication, influence & negotiation, conflict resolution, people management, relationship management (internal/external), and team building.
• Proven ability to successfully partner with internal clients and vendors to align strategy with deliverables, identify business challenges and develop alternatives to mitigate.
• Strong service management and service delivery orientation.
• Excellent written, oral, and interpersonal communication skills.
• Ability to present ideas in at appropriate levels for different audiences.
• Proven ability to work within a changing environment and lead the implementation of change.
• Ability to apply change management principles to initiatives of variable sizes and degrees of complexities.
• Ability to assess the impact or potential impact of change management initiatives of various sizes and degrees of complexities on business financial and performance.
• Advanced level of creativity, strategic thinking and problem management skills.
• Ability to conduct and direct research into information security issues.
• Self-motivated, self-directed, attentive to detail, and able to multi-task.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.

• Bachelor's Degree in computer science, management information systems, business administration (or a related discipline).
• An equivalent combination of education and/or relevant professional experience may be considered in lieu of a degree.
• Professional security management certification as a Certified Information Systems Security Professional (CISSP). Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials are recommended.

City National Bank of Florida is an Equal Opportunity Employer and is committed to providing equal employment opportunities to all applicants. We do not discriminate on the basis of race, color, religion, sex, pregnancy, national origin, age, disability, genetic information, protected veteran status, or any other status protected under federal, state, or Florida law. City National Bank of Florida complies with the Americans with Disabilities Act (ADA) and applicable Florida laws. Qualified individuals with disabilities who require a reasonable accommodation in order to complete the online application or participate in the hiring process may contact our Human Resources Talent Attraction Department View email address on click.appcast.io.