Enterprise Risk Officer II
Listed on 2026-01-11
IT/Tech
Cybersecurity, Information Security
Description:
Who We Are:
FFB, a dynamic and acclaimed single-branch bank born in the heart of Fresno, CA in 2005, is on a mission to redefine the banking experience. Our commitment to delivering top-notch banking services has propelled us to the forefront of the industry, earning us accolades and recognition. At FFB, we recognize the uniqueness of each individual who walks through our doors, and our dedicated team strives to craft personalized banking solutions that cater to their distinct needs.
What sets FFB apart is not just our Fresno roots but the diverse talents that make up our team, hailing from every corner of the country. We firmly believe that our people are our greatest strength, and we're constantly on the lookout for ambitious and passionate individuals who align with FFB's vision, regardless of their location.
If you're ready to be part of a winning team and contribute to our ongoing success story, we invite you to apply and join the FFB family!
Recent Achievements Speak Louder Than Words:
- 2024 & 2025 - American Banker - #1 Top Performing Publicly Traded Bank with under $2b in assets
- 2023 - American Banker - "Top 5" Community Bank in the Country #4
- 2023 - OTCQX - Best 50 Companies #3
- 2023 - 5-star Rating Bauer Financial
What You Should Expect While Working at FFB:
- Company ownership through our Employee Stock Ownership Program (ESOP)
- A friendly, close-knit work culture that encourages growth
- Opportunities to Participate in Community Networking Events
- Benefits Package
  - Medical/Dental/Vision
  - Life Insurance
  - Paid Vacation
  - 401(k) Retirement Plan
  - Training & Development
  - Tuition Reimbursement
  - Employee Assistance Program
  - Internal Job Posting & Referral Program
Ideal Candidate:
FFB prides itself on its core values of Teamwork, Relationship, Authenticity, and Commitment (TRAC). We expect that our team members will reflect these values in the workplace in various ways:
- Teamwork: We collaborate, hold each other accountable, and win together.
- Relationship: We are trustworthy, transparent, and respectful.
- Authentic: We are humble, vulnerable, and we speak up.
- Commitment: We are hungry, responsive, and have a sense of urgency.
About the Position:
The Enterprise Risk Officer II is a senior-level risk professional responsible for leading key components of the Bank's Enterprise Risk Management framework, with specialized oversight of IT Risk and Information Security. This role exercises independent judgment, serves as a trusted advisor to management, and provides day-to-day ownership of select ERM programs. In addition, the officer performs part-time Information Security Officer duties within ERM under the guidance of the Director of Enterprise Risk Management and in collaboration with the Chief Operations Officer, focusing on governance, risk oversight, and regulatory alignment rather than daily IT operations.
The role partners closely with business leaders, Compliance, Audit, IT, and Information Security stakeholders to identify, assess, mitigate, and report technology, cybersecurity, and enterprise risks, while mentoring ERM staff and supporting the ongoing evolution of ERM and Information Security governance frameworks.
Note:
This role does not perform day-to-day IT operations and does not replace technical IT security staff. The ISO responsibilities are governance-, oversight-, and risk-focused.
Essential Duties:
- Performs Information Security Officer (ISO) responsibilities as a governance and risk oversight function within ERM, in alignment with FFIEC, GLBA, and regulatory expectations.
- Provides second-line oversight of the Bank's Information Security Program, ensuring appropriate policies, standards, and controls are established and maintained.
- Partners with the CTO and IT leadership to review cybersecurity risks, security incidents, vulnerability assessments, and remediation activities.
- Supports periodic Information Security Risk Assessments, ensuring results are documented, reported, and incorporated into the enterprise risk profile.
- Assists with preparation of Board- and committee-level Information Security reporting, including risk posture, trends, and material issues.
- Supports regulatory examinations, audits, and inquiries related to Information Security, cybersecurity, and IT risk governance.
- Ensures Information Security risks are appropriately integrated into ERM programs such as RCSA, Third-Party Risk Management, Incident Management, and DR/BCP.
- Owns designated ERM functions, including IT Risk and Information Security risk oversight, as assigned by the Director of ERM.
- Leads the design, execution, and continuous improvement of assigned ERM programs, ensuring technology and cybersecurity risks are appropriately incorporated.
- Evaluates risk exposures and control effectiveness independently, recommending actions to management and escalating material risks as appropriate.
- Acts as ERM's designated representative for Information Security governance, supporting Board, management committees, audits, and regulatory interactions related to…