- Own and continuously mature the enterprise Information Security Program.
- Align controls and architecture with NIST CSF, NIST 800-53, FFIEC guidance, PCI DSS, and SOC requirements.
- Conduct proactive program assessments to identify security gaps before they become issues, working cross-functionally to execute on risk mitigation objectives.
- Develop and execute a multi-year security roadmap aligned to business growth and regulatory expectations.
- Translate strategy into measurable execution plans with defined milestones.
- Drive remediation of audit, regulatory, and penetration testing findings.
- Lead and develop a high-performing Information Security team.
- Oversee operation and optimization of core security tooling, including SIEM/XDR platforms (e.g., Wazuh), vulnerability management (e.g., Tenable), application security testing (e.g., Veracode), and related monitoring and detection systems, along with budget and contract renewal management.
- Develop a deep understanding of our platform, cloud architecture (AWS/GCP), integrations, and AI initiatives.
- Serve as the subject matter expert in banking security and regulatory expectations.