Executive Director, Business Information Security Officer - Bank

Why USAA

At USAA our mission is to empower our members to achieve financial security through highly competitive products exceptional service and trusted advice. We seek to be the #1 choice for the military community and their families.

Embrace a fulfilling career at USAA where our core values honesty integrity loyalty and service define how we treat each other and our members. Be part of what truly makes us special and impactful.

The Opportunity

As a dedicated Executive Director Business Information Security Officer you will act on behalf of the Bank Chief Information Officer (CIO) as the primary enterprise Information Security interface including all aspects of Information Security/Cyber strategy operations and risk management requiring implementation by the USAA Federal Savings Bank (FSB). Accountable to focus prioritize and drive risk management deliverables and activities; collaborate with risk partners on information security priorities and identify and measure enterprise Information Security controls of critical business processes technologies and experiences on behalf of the USAA FSB. Additionally this role provides governance over central Information Security functions through the effective management of affiliate agreements ensuring alignment between enterprise security policies/standards and Bank requirements. Utilizes Information Security expertise industry experience analysis and innovation to design and deliver strategic engagement plans to internal clients.

Interacts with or participates in enterprise governance committees such as:

• Bank Technology Risk Committee

• Enterprise Operational Risk Committee

• Enterprise Information Technology and Information Security Committee

• Third Party Risk Committee

• Enterprise Compliance and Operational Risk Committee

This role is remote eligible in the continental U.S. with occasional business travel. However individuals residing within a 60-mile radius of a USAA office will be expected to work on-site four days per week.

What youll do:

• Works with FSB senior level executives as a trusted advisor to define their business problem and structure a strategic Information Security engagement plan and ensures security strategies support FSB business goals. This includes understanding FSB specific business needs and risk profiles.

• Responsible for defining implementing and contributing to the creation and upkeep of security policies and procedures specific to the FSB such as the FSB Information Security Policy Addendum.

• Actively participates as an extended member of the FSB senior leadership team and accountable for understanding and contributing to the strategic goals and embedding Information Security risk management into their culture. Key stakeholder engaged with centralized Information Security functions in response to security incidents within FSB area of responsibility.

• Provides thought leadership that directly shapes the analysis design and implementation of business performance approaches providing tailor-made information security solutions while working closely with senior level executives to ensure positive impact and sustainable results.

• Serves as a trusted advisor and leads cross-functional matrixed teams to solve highly complex and high value Information Security related business problems.

• Accountable for third party relationship management for the central Information Security affiliate service provider (USAA) inclusive of defining the services ensuring appropriate contractual SLAs & D&Os are in place executing ongoing monitoring reporting of the service delivery and holding providers accountable for service level performance via Affiliate agreement.

• Owns and facilitates the feedback loop for improvement opportunities across all Information Security programs and with the FSB senior level executives to include assessment and reporting of Corrective Action Plans to improve Information Security programs and initiatives.

• Provides support to the FSB President and General Managers for the day-to-day execution of one or more Information Security strategic engagements and the quality of those solutions.

• Provides Information Security risk understanding and enables sound decision making throughout the strategy engagement to identify prioritize and mitigate Information Security risks including escalating managing and reporting control issues; follows written risk and compliance policies standards and procedures for business activities.

• Serves as a liaison between the central Information Security (USAA) team and various FSB business unit. This involves translating technical security information into business-relevant terms and vice-versa.

• Identifies assesses and helps manage cybersecurity risks within FSB business unit. This would include collaborating on risk acceptance mitigation or transfer decisions. This is not solely limited to cyber risks; other areas like technology regulatory and information security risks might also fall under their purview.

• Ensures compliance with relevant regulations and internal policies within FSB business unit. This includes understanding and implementing cybersecurity policies and procedures.

• Works with USAA IT teams to implement and manage appropriate security technologies within FSB business unit.

• Support and collaborate with the Chief Information Security Officer in communication of cybersecurity information to regulators FSB board relevant committees and senior level business stakeholders. This includes effectively explaining the business impact of cybersecurity risks.

• Cultivates strong relationships with business leaders IT teams and other stakeholders.

• Responsible for governance over central security awareness training programs for employees within FSB business unit in addition to providing key inputs and expertise in the implementation of the Enterprise Information Security Training Plan within the FSB to include verifying training participants complete required training and understand Information Security requirements.

• Collaborates with key stakeholders and FSB leaders to create written and verbal communications to senior level executives and at times the Board of Directors that provide clear guidance on Information Security strategic timeline owners required investments risk mitigation and expected results.

• Responsible for developing more junior team members assigned to support Information Security strategy engagements.

• Attends and actively participates in Information Security forums and Risk Committees when necessary.

• Ensures risks associated with business activities are effectively identified measured monitored and controlled in accordance with risk and compliance policies and procedures.

What you have:

• Bachelors degree in information security Information Technology Computer Science Business Administration Information Systems/Management or related field; OR 4 years of related experience (in addition to the minimum years of experience required) may be substituted in lieu of degree.

• 10 years of related experience in Information Security Cybersecurity and/or Information Technology in a large organization major consulting firm or US military.

• 6 years of experience leading highly complex projects/initiatives in Information Security Cybersecurity and/or Information Technology with accountability for ensuring compliance with federal/state/regulatory information security and risk management policies standards and guidelines.

• 4 years of experience providing advisory services to a line of business and/or staff agency on risk issues related to Information Security and recommending actions in support of a Banks broader risk management and compliance programs.

• Demonstrated strategy development and thought leadership within Information Security and/or Cybersecurity.

• Leading edge knowledge and expertise in theories techniques and/or technologies within Information Security and/or Cybersecurity and application in a financial services and/or business operations environment.

• Mastery of Information Security and/or Cybersecurity consulting skills to include gathering and synthesizing business requirements and communicating and/or facilitating constructive opportunities to a variety of audience levels.

• Demonstrated experience in and understanding of multiple information security domains (e.g. cyber regulation; policy & standards; network security; application security; identity & access management; security risk identification and management; supply chain security; cloud security; cryptography; data security etc.).

• Demonstrated experience in guiding and influencing sound business risk and security remediation strategies aligned with core business objectives and risk appetite without direct authority.

• Exceptional relationship management building skills with the ability to nurture and maintain collaborative partnerships across all levels of an organization to include C-suite and Board of Directors.

What sets you apart:

• Demonstrated understanding of the full spectrum of regulatory actions including examinations and other supervisory engagements and processes such as:

• the organizations risk management framework governance standards capabilities and risk strategy across all lines of business

• OCC Federal Reserve FFIEC FINRA FDIC and FinCEN expectations

• GLBA expectations

• CISSP

• CIPP/US CFE are preferred.

• US military experience through military service or a military spouse/domestic partner

Salary: The salary range for this position is: $195230-$351410.

Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position.

Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors.

The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.

Long Term Incentive Plan: Cash payment for Executive level roles only representing a cash payment which is both time and performance based.

Benefits: At USAA our employees enjoy best-in-class benefits to support their physical financial and emotional wellness. These benefits include comprehensive medical dental and vision plans 401(k) pension life insurance parental benefits adoption assistance paid time off program with paid holidays plus 16 paid volunteer hours and various wellness programs. Additionally our career path planning and continuing education assists employees with their professional goals.

For more details on our outstanding benefits visit our benefits page on .

Applications for this position are accepted on an ongoing basis this posting will remain open until the position is filled. Thus interested candidates are encouraged to apply the same day they view this posting.

USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin disability or status as a protected veteran.