Chief Information Security Officer

About us:

Think BIG. Achieve More.

At City National Bank of Florida, we invest in our people and the communities we serve. Join a team where ambitious careers and meaningful relationships thrive together. We’re entrepreneurs at heart—growing fast, making an impact, and shaping the future of banking in Florida. To learn more about City National Bank of Florida visit About Us!

The Chief Information Security Officer (CISO) is a senior executive responsible for establishing, governing, and continuously enhancing the Bank’s enterprise‑wide information security and cyber risk management program. The CISO serves as a strategic advisor to the Chief Operating Officer, executive management, and the Board of Directors on cyber risk, ensuring that information security capabilities appropriately balance regulatory expectations, risk appetite, business growth, operational resilience, and customer experience.

While reporting administratively to the Chief Operating Officer, the CISO maintains independent authority to assess, challenge, escalat and report cybersecurity risks directly to executive management, the Enterprise Risk Committee, and the Board of Directors.

The CISO provides independent oversight of information security risks across the Bank, including technology, data, third‑party relationships, and emerging digital initiatives, while ensuring compliance with applicable laws, regulations, and regulatory guidance.

This role is accountable for safeguarding the confidentiality, integrity, and availability of the Bank’s information assets and for maintaining a resilient security posture in an evolving threat landscape. This accountability includes oversight of emerging technology risks, including artificial intelligence (AI), machine learning, and automated decision‑making systems, as they relate to cybersecurity, data protection, third‑party risk, and regulatory compliance.

• Define and execute a risk based information security strategy aligned with the Bank’s business objectives, digital initiatives, and regulatory requirements.
• Establish and maintain the Bank’s Information Security Program, including policies, standards, procedures, and governance frameworks.
• Partner closely with the Chief Operating Officer and Enterprise Risk Management to integrate cybersecurity risk management into core operational processes and the Bank’s overall risk management framework.
• Provide independent challenge and credible oversight of technology and business initiatives from a cybersecurity risk perspective.

• Serve as the primary executive responsible for communicating cybersecurity risks, trends, and overall security posture to senior management, the Enterprise Risk Committee, and the Board of Directors.
• Maintain direct and unrestricted access to the Board of Directors and its committees on cybersecurity and information security risk matters.
• Develop and present clear, actionable cyber risk metrics, key risk indicators (KRIs), and maturity assessments to support informed decision making.
• Advise executive leadership on material cybersecurity risks, risk trade offs, and mitigation strategies.

• Ensure compliance with GLBA, applicable privacy and cybersecurity regulations, and regulatory guidance.
• Own and manage the enterprise wide GLBA Risk Assessment and other cybersecurity risk assessments.
• Act as the primary point of contact for regulators, internal audit, and external auditors on information security matters, including the timely remediation of findings and issues.
• Regulatory updates to the OCC and FDIC must demonstrate Information Security program governance effectiveness, risk awareness, control maturity, incident readiness, and board oversight.

• Maintain executive oversight of the Bank’s cybersecurity incident response and crisis management framework.
• Has authority to elevate, isolate, suspend, or recommend cessation of systems, vendors, or business processes during cybersecurity incidents where material risk to the Bank exists, with direct…