As the Director of Security, you keep BWE secure while we move boldly forward. You lead with vigilance and vision - protecting systems, data, and people as we embrace digital transformation and AI innovation. We depend on your leadership to manage risk, guide compliance, and build a culture of proactive security. Your work safeguards our foundation and enables our future.
Responsibilities:
- Define and execute the enterprise security strategy in alignment with organizational goals, risk appetite, and BWE's AI-native transformation initiatives.
- Oversee and continuously assess BWE's cybersecurity posture, including threat detection, incident response, and risk management while preparing security frameworks for AI tool deployment and citizen development initiatives.
- Lead security governance efforts, including policy development, training, and compliance with regulatory and contractual standards (e.g., SOC 2, GLBA) while establishing frameworks for AI governance and responsible technology deployment.
- Collaborate with IT, legal, operations, and business leaders to identify and mitigate security risks across systems, data, vendors, and emerging AI technologies.
- Evaluate and manage third-party tools, security services, and vendor relationships including AI platform security assessments and vendor risk management.
- Serve as the executive point of contact for security audits, incidents, and client inquiries while ensuring transparent communication about security posture and AI-related risk management.
- Monitor emerging threats and security trends, particularly AI-related security risks; recommend improvements to technology and process safeguards.
- Lead internal incident response planning, tabletop exercises, and post-incident analysis with particular focus on AI-related security scenarios.
- Partner with AI leadership to establish AI security governance frameworks including data protection, model security, and algorithmic transparency requirements.
- Establish security standards and oversight for citizen development initiatives, ensuring business-user-created automation meets security and compliance requirements.
- Lead, coach, and develop security team members while building capabilities in AI security, cloud security, and modern threat detection.
- Drive security culture transformation across the organization, moving from compliance-focused to risk-intelligent security practices that enable business innovation.
Near-Term Deliverables:
- Conduct comprehensive security posture assessment including current capabilities, gaps, and transformation requirements with prioritized remediation roadmap aligned to BWE's strategic initiatives.
- Develop AI security governance framework addressing model security, data protection, prompt injection prevention, and AI vendor risk management with implementation timeline.
- Establish security metrics dashboard tracking key indicators (incident response times, vulnerability remediation rates, compliance scores, training completion) with executive reporting cadence.
- Create citizen development security guidelines and governance framework ensuring business-user automation meets security standards without hindering innovation.
- Research and recommend AI-powered security tools for threat detection, incident response, and security monitoring with cost-benefit analysis and implementation roadmaps.
- Lead tabletop exercises focused on AI-related security scenarios including data breaches, model manipulation, and vendor service disruptions.
- Establish a vendor security assessment framework specifically addressing AI platform providers and their security, privacy, and compliance capabilities.
- Complete advanced security training in AI security, zero trust architecture, or cloud security frameworks with demonstrated competency and application to BWE's environment.
- Partner with business leadership to create a security awareness program that builds security culture while enabling AI adoption and digital transformation.
- Develop security incident response procedures specifically for AI-related incidents including model failures, data exposure, and algorithmic bias detection.
Minimum Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field; Master's degree preferred.
- 7+ years of progressive cybersecurity experience with 3+ years in leadership roles.
- Strong knowledge of cybersecurity frameworks (NIST, ISO 27001, SOC 2) and regulatory compliance (GLBA, SOX, etc.).
- Experience leading incident response, risk management, and security governance programs.
- Proven track record managing security audits and regulatory examinations.
- Experience with cloud security, identity and access management, and modern security architectures.
- Knowledge of AI/ML security considerations and emerging technology risk management.
- Strong understanding of CRE and/or financial services regulatory and compliance requirements.
- Excellent leadership, communication, and stakeholder management skills.
- Ability to translate technical security concepts into business risk language for executive audiences.
Preferred Qualifications:
- Relevant security certifications (CISSP, CISM, CRISC, or equivalent).
- Experience with zero trust architecture and modern security frameworks.
- Knowledge of AI governance, algorithmic bias, and responsible AI deployment.
- Experience in mortgage banking, lending, or financial services industry.
- Previous experience building security programs during digital transformation initiatives.
- Advanced degree in Cybersecurity, Risk Management, or related field.
We encourage you to explore the career opportunities we have available here at BWE!