×
Register Here to Apply for Jobs or Post Jobs. X

VP, Lead Security Risk Analyst

Job in Santa Ana, Orange County, California, 92701, USA
Listing for: Banc of California
Full Time position
Listed on 2026-07-01
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant
Job Description & How to Apply Below

VP, Lead Security Risk Analyst

BANC OF CALIFORNIA AND YOUR CAREER

Banc of California, Inc. (NYSE: BANC) is a bank holding company with over $34 billion in assets and the parent company of Banc of California. Banc of California is one of the nation's premier relationship-based business banks, providing banking and treasury management services to small, middle market, and venture backed businesses. The bank also provides full-service payment processing solutions to its clients and serves the Community Association Management industry nationwide through its technology forward platform, Smart Street™.

THE OPPORTUNITY

The VP, Lead Security Risk Analyst leads enterprise-wide Information Security risk engagement across corporate initiatives, embedding security-by-design principles into business and technology decisions. This role drives the development and execution of the Information Security risk and GRC programs, conducting complex, high-impact risk assessments across enterprise architecture, cloud, AI/ML, and third-party environments. Serving as a senior advisor, the position partners with leadership, architects, and engineering teams to translate regulatory and security requirements into actionable architectural controls and secure design standards.

The VP, Lead Security Risk Analyst also drives cross-functional remediation efforts to ensure risks are effectively managed in alignment with the organization's risk appetite.

HOW YOU'LL MAKE A DIFFERENCE

Lead enterprise Information Security engagement across all enterprise-wide corporate projects, championing security by design principles, influencing security decisions without direct authority and driving alignment across multiple business and technology domains. Contribute to the development, management, and ongoing improvement of the Information Security risk program, compliance initiatives, and overall security risk posture. Partner with senior management to design and implement maturity strategies and operations into the Information Security GRC team.

Maintain Information Security risk register, report monthly to appropriately address key risk areas. Support policies and procedures maintenance aligned with in-scope security frameworks, regulations, and internal standards to manage identified risk effectively. Conduct regular risk assessments to identify potential threats and vulnerabilities across the organization analyzing their impact and likelihood of occurrence. Generate reports on risk assessments, compliance status, and control effectiveness to communicate findings to stakeholders at various levels within the organization.

Lead and deliver enterprise and domain risk assessments (at least annually, or event driven) using consistent methodology that complies with regulatory requirements Conduct and lead the bank's most complex and high-impact risk assessments, including those involving enterprise architecture, modernization initiatives, AI/ML platforms, cloud deployments, or third-party integrations. Drive cross-functional remediation initiatives, ensuring timely resolution of identified issues and alignment with enterprise risk appetite.

Act as the primary GRC representative and senior advisor in enterprise security architecture projects, ensuring that security, compliance, and risk considerations are embedded in design decisions for cloud, infrastructure, and applications. Lead architecture-focused risk assessments for new technologies, major system integrations, cloud migrations, and high-impact projects to identify systemic risks and required compensating controls. Translate security policies, standards, regulatory requirements and control frameworks into detailed architectural requirements, control patterns, and secure design standards consumable by engineering and application teams.

Advise solution architects, engineers, and product teams on secure design patterns, identity and access architecture, encryption frameworks, data protection requirements, and logging/monitoring standards. Evaluate the security implications of modernization initiatives, and system migrations ensuring risks are documented and mitigated through appropriate design. Define architecture-aligned security requirements and control baselines that engineering and architecture teams use to build secure-by-design systems. Partner with detection engineering and cloud teams to ensure logging, auditability, and monitoring capabilities are embedded in the technology stack.

Lead complex and technical vendor security reviews, including onboarding assessments, and high-risk assessments involving cloud platforms, data integrations, and critical infrastructure providers. Follow all established policies and procedures. Perform other duties and projects as assigned.

WHAT YOU'LL BRING

Bachelor's degree in information systems, engineering, business, risk management, or related field; and related certifications (e.g., CISSP ISSAP, SABSA, CCSP, GCAD, CRISC, CISSP). 7-9+ years of experience in GRC,…

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary