Director, Information Security

A US bank is seeking a Director, Information Security to lead and oversee its information security program.

Location: Hybrid – Austin, TX

The Director, Information Security will be responsible for developing, implementing, and maintaining comprehensive security strategies to protect the organization’s information assets, systems, and data. This role requires a strategic leader who can balance risk management with business enablement while ensuring compliance with regulatory requirements.

Key Responsibilities:

• Develop and execute the enterprise information security strategy and roadmap
• Lead and manage the information security team, providing guidance, mentorship, and professional development
• Oversee security operations, including threat detection, incident response, and vulnerability management
• Establish and maintain security policies, standards, and procedures aligned with industry best practices and regulatory requirements
• Conduct risk assessments and develop mitigation strategies to address identified vulnerabilities and threats
• Collaborate with IT, compliance, legal, and business units to integrate security into all aspects of operations
• Manage relationships with third-party security vendors and service providers
• Monitor emerging security threats and technologies, recommending appropriate countermeasures
• Prepare and present security metrics, reports, and briefings to executive leadership and the board
• Ensure compliance with applicable regulations, including GLBA, FFIEC guidelines, and other financial services security standards
• Lead security awareness and training programs across the organization
• Manage the information security budget and resource allocation

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or related field; Master’s degree preferred
• 10+ years of progressive experience in information security, with at least 5 years in a leadership role
• Strong knowledge of security frameworks such as NIST, ISO 27001, and CIS Controls
• Experience in the financial services industry and familiarity with banking regulations
• Professional security certifications such as CISSP, CISM, or CISA required
• Proven track record of developing and implementing enterprise security programs
• Strong understanding of network security, application security, cloud security, and identity and access management
• Experience with security technologies including SIEM, IDS/IPS, DLP, and endpoint protection
• Excellent leadership, communication, and interpersonal skills
• Ability to translate technical security concepts for non-technical stakeholders
• Strong analytical and problem-solving abilities
• Experience managing security budgets and vendor relationships

Compensation: DOE