SVP of Data and Cyber Security

Address

We're always looking for bright individuals to join our growing organization. As a part of the First Financial Family, we will invest in your development and provide a dynamic work environment where you're challenged, valued and empowered every day. We strive to be the best destination for the industry's top talent, creating a diverse, collaborative workplace that celebrates innovation and change. We are one team, working together to get things done.

Job Description:

Office Location:

Abilene, Texas, United States

SCOPE/CONTACTS:

The Senior Vice President of Data and Cyber Security is responsible for setting the strategic direction and overseeing all aspects of data protection and cybersecurity across the organization. This executive role leads the development and execution of policies, standards, and programs that safeguard the company's digital assets, infrastructure, and sensitive information. Reporting to the Chief Information Officer (CIO), the SVP plays a key role in risk management, regulatory compliance, and enterprise resilience.

ESSENTIAL FUNCTIONS:

• Define and lead the enterprise-wide strategy for data security, cybersecurity, and risk mitigation.
• Oversee the development, implementation, and enforcement of security policies, standards, and procedures.
• Monitor and evaluate emerging threats, vulnerabilities, and regulatory changes, ensuring the organization remains proactive and compliant.
• Lead incident response planning and execution, including post-event analysis and reporting to senior leadership.
• Review and present risk assessments, audit results, and security investigations to executive leadership and the board as needed.
• Ensure alignment of security initiatives with business objectives and technology strategy.
• Build and lead a high-performing team of cybersecurity and data governance and analytics professionals.
• Serve as the organization's senior-most expert on data governance, privacy, and cyber risk.
• Partner with legal, compliance, and business units to ensure adherence to data protection laws and industry standards.
• Direct and participate in the preparation of an annual information security risk and threat assessment, and in the documentation of related controls and procedures.
• Participate in the development of security policies for information systems, both electronic and non-electronic.
• Evaluate the security features of new customer information systems including mobile, social media, and internet-based systems to ensure that the security meets the security requirements of existing policies. In this regard, the incumbent will participate in the change management process, review proposed new information systems and/or changes to existing information systems and evaluate the impact of these systems and changes on information security systems, policies, procedures and practices.
• Maintain an awareness of changes in industry by attending classes, workshops, and seminars as required to maintain a high level of proficiency in the fields of information security and, reading about and being aware of the trends regarding Business Continuity Plan and Security in the industry.
• Facilitate the development and implementation of disaster recovery and business continuity plans and procedures.
• Act as an internal information security consultant to the company's business and technology units by providing advice on risks, vulnerabilities and control practices on new and existing products and services, current and proposed changes to business processes and existing or planned technology systems.
• Assist other departments in providing guidance for their required risk assessments including business continuity and vendor management as well as identification of relevant controls and tests.

MINIMUM QUALIFICATIONS:

• Bachelor's or Master's degree in Information Security, Data Science, Computer Science, or a related field.
• 10+ years of progressive leadership experience in cybersecurity and data governance, ideally within banking or financial services.
• Deep understanding of banking regulations and cybersecurity frameworks, including FFIEC, GLBA, NIST, and ISO 27001.
• Strong knowledge of cloud security, data analytics platforms, and regulatory technology (RegTech).
• Experience with core banking systems, digital banking platforms, and secure API ecosystems.
• Demonstrated ability to balance innovation, customer experience, and regulatory compliance.
• Professional certifications such as CISSP, CISM, CRISC, CDMP, or equivalent preferred.
• Strong leadership and communication skills, with the ability to influence and collaborate across all levels of the organization.
• Proven ability to translate complex technical concepts into clear, actionable strategies for executive stakeholders.

The above statements reflect the general details considered necessary to decide the principal functions of the job identified and shall not be construed as a detailed description of all work requirements that may be inherent in the job.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)