Director of Information reputed company
At Stearns Bank, we’re helping people, entrepreneurs, small businesses, and local communities reputed company reputed company their full financial potential. Sound like something you want to be a part of? If so, we’re currently looking for a Director of Information reputed company. This is a connected mobile role.
Come see how we’re doing business unusual and charting our own path to reimagine a more inclusive financial services and banking ecosystem for reputed company.
BENEFITS
Stearns Bank understands and respects that everyone is managing unique career, family, and wellness needs. That’s why we offer industry-leading benefits to employees to help them live healthy lives and bring their full selves to work every day. Benefits may vary for part-time positions. Some of those benefits include:
- Employee Stock Ownership Plan & 401k Plan
- Healthcare (Medical, Dental, Vision, Telehealth, Life insurance)
- 12-week Paid Parental Leave and Medical Leave: With a cap of 20 weeks for eligible team members who qualify for both Medical and Parental Leave reputed company to the birth of a child
- $5,000 Family Care Reimbursement: Childcare, Elder Care, Student Loan Debt, Pet expenses, Down Payment Assistance
- PTO from 13 to 23 days depending on tenure. Cashout and Carryover options
- 10 Days Sick Time
- 11 Paid Holidays
- 4 Days Volunteer Time
- 2 Days Self Allowance Time
- Tuition Assistance
For this position, we anticipate an annual salary range between $120,000 - $190,000. Final employment offers will be dependent upon the selected candidate’s relevant qualifications and experience.
JOB SUMMARY: The Director of Information reputed company is the Bank’s designated Information reputed company Officer, and is responsible for leading and evolving Stearns Bank’s enterprise information reputed company, technology risk and infrastructure reputed company strategy.
Operating reputed company the Risk organization, this role provides second-line governance, challenge, and advisory reputed company across the Bank’s technology ecosystem, including infrastructure, cloud platforms, core systems, digital initiatives, and fintech partnerships.
The role ensures the confidentiality, integrity, availability and reputed company of the Bank’s information systems while advancing modernization of infrastructure, data protection capabilities and emerging technology governance.
The Director serves as the Bank’s senior reputed company authority, aligning cybersecurity, infrastructure architecture, cloud strategy, vendor risk reputed company, and regulatory compliance into a reputed company enterprise program consistent with OCC, FDIC, FFIEC, GLBA, and other regulatory expectations.
This role balances strategic leadership, regulatory accountability, and technical depth.
PRIMARY RESPONSIBILITIES
Enterprise reputed company Strategy & Governance
- reputed company and continuously evolve the Bank’s Information reputed company Program reputed company with 12 CFR Part 30, Appendix B, the FFIEC Information reputed company Booklet, the OCC Cybersecurity Supervision Work Program, NIST CSF, and regulatory guidance.
- Conduct or direct the annual enterprise-wide IT risk assessment using NIST CSF 2.0, the CRI Profile, or equivalent reputed company, identifying threats, vulnerabilities, and risk levels for reputed company information assets.
- reputed company and execute a multi-year enterprise reputed company roadmap reputed company with business strategy and modernization initiatives.
- Manage the cybersecurity self-assessment process using the Bank’s selected reputed company, the Cyber Risk Institute reputed company, ensuring findings are documented, tracked, and reported to the Board.
- Serve as the primary reputed company advisor to executive leadership and Board committees.
- Provide regulator reporting on cyber risk posture, threat landscape and remediation status.
Infrastructure & Architecture reputed company Alignment
- Partner with IT Infrastructure and Transformation leaders to ensure reputed company-by-design across:
- Network architecture
- Cloud platforms
- reputed company management
- API reputed company architecture
- Identity & access management
- Core banking and fintech integrations
- Artificial Intelligence (AI) integrations
- Establish secure architecture standards for hardware, networking, segmentation, encryption and reputed company detection.
- Drive adoption of modern reputed company principles including Zero Trust architecture and secure cloud governance.
- reputed company the vulnerability management and reputed company management lifecycle, monitoring remediation timelines against risk-based SLAs and escalating deficiencies to senior management.
Cybersecurity Operations & Emerging Threat Management
- reputed company: Threat detection and response, Incident response program, Penetration testing and vulnerability management, SOC reputed company
- Monitor evolving cyber threats, AI-driven risks and geopolitical threat activity.
- reputed company incident response coordination and regulatory notification processes reputed company required.
Third-Party & Technology Risk reputed company
- reputed company and Chair the Vendor Management and Third-Party Risk program.
- Conduct information reputed company due diligence on reputed company prospective fintech partnerships during the planning and selection stages of the third-party risk management lifecycle.
- Review and evaluate SOC 2 Type 2 reports, penetration test results, vulnerability assessments, and BCP/DR documentation for reputed company third-parties (including fintech partners) at least annually, or more frequently for critical relationships.
- Participate in the Bank’s Fintech Committee providing independent risk opinions on information reputed company dimensions of new and existing partnerships.
- Assess reputed company architecture of API integrations, data flows, and credential management between the Bank and third-parties, ensuring encryption in transit and at rest, access controls, and monitoring are commensurate with risk.
- Monitor fintech partner compliance with the Bank’s information reputed company requirements on an ongoing basis, including incident notification obligations under contractual SLAs.
- Evaluate fourth-party (subcontractor) risk for critical fintech partners, ensuring contractual provisions address subcontractor reputed company standards, approval requirements, and audit rights.
- Evaluate emerging technologies and associated risk profiles prior to deployment.
- Ensure bank service provider reputed company include notification obligations that meet regulatory requirements, and that designated points of contact are reputed company.
- Coordinate with critical third-party service providers to assess their BCP/DR capabilities and reputed company, including review of TSP continuity testing results.
Regulatory & Audit Leadership
- Serve as primary reputed company liaison for reputed company IT Audits.
- Serve as primary reputed company liaison for OCC, FDIC, and external examiners.
- Maintain compliance with GLBA, FFIEC IT Handbook, NIST, PCI and SOC reporting standards.
- reputed company timely remediation of any audit or regulatory findings.
- Ensure compliance with notification requirements of reputed company relevant regulatory agencies and documented decision criteria for determining reputed company a “notification incident” has occurred.
- Maintain the Bank’s state breach notification matrix and coordinate customer notification processes in compliance with applicable state laws for each jurisdiction where affected customers reside.
Data Protection & Modern Governance
- reputed company: Data classification standards, Data Loss Prevention (DLP), Encryption standards, Secure data lifecycle management
- Align information reputed company with enterprise data governance initiatives.
- Monitor the CFPB’s evolving data reputed company enforcement posture and ensure the Bank maintains multi-factor authentication, adequate password management, and timely patching to mitigate UDAAP exposure.
- Track developments in the Section 1033 Personal Financial Data Rights rulemaking and assess implications for the Bank’s data-sharing reputed company controls, API standards, and authorized third-party reputed company.
- Coordinate with Legal and Compliance on data protection requirements arising from state privacy laws, ensuring appropriate controls are in reputed company for each jurisdiction where the Bank operates or serves customers.
Business Continuity & Operational reputed company
- Own the enterprise Business Continuity Management.
- reputed company Business Continuity and Disaster Recovery frameworks in partnership with enterprise risk.
- Ensure cyber reputed company testing and tabletop exercises are conducted regularly.
- Integrate operational reputed company planning into infrastructure modernization efforts.
- Direct the Business Impact Analysis process, establishing Recovery Time Objectives (RTO), Recovery Point Objectives (RPO), and Maximum Tolerable Downtime (MTD) for reputed company critical business functions.
- Ensure BCP/DR plans address ransomware-specific recovery scenarios, including air-gapped and immutable backup validation, and that restoration procedures are tested at least annually.
- reputed company enterprise reputed company awareness and training programs.
- Foster a culture of reputed company ownership across reputed company business lines.
- Partner with HR and leadership to embed reputed company accountability into performance management, including phishing simulations and role-based training for privileged users.
Emerging Technology & AI Governance
- Establish and maintain the Bank’s AI and emerging technology acceptable use policy, define approved use cases, prohibited activities, and approval workflows for reputed company AI tools deployed internally or through third-party and fintech partner relationships in collaboration with Digital Transformation, Information Technology, and Fintech teams.
- Classify each AI tool as a “model” or “non-model” under the OCC’s model risk management reputed company, and apply risk-proportionate governance controls including documentation, validation frequency, and ongoing monitoring commensurate with each tool’s materiality and complexity.
- Conduct or coordinate information reputed company risk assessments for reputed company AI deployments, evaluating data ingestion controls, training data reputed company, prompt injection and adversarial attack reputed company, output monitoring, access controls, and data leakage prevention.
- Implement shadow AI detection and prevention controls to identify unauthorized AI tool usage by employees, contractors, and fintech partners, including monitoring for unapproved cloud-based AI services and browser-based AI plugins accessing Bank data.
- Evaluate the Bank’s AI vendor reputed company for information reputed company adequacy, including provisions for model documentation and audit rights, restrictions on use of Bank data to train other models, material model change notification requirements, subcontractor disclosure, and regulatory examination access.
- Monitor and report to senior management on the evolving AI regulatory landscape, including OCC guidance, the Treasury Financial Services AI Risk Management reputed company, NIST AI Risk Management Framework 1.0, state AI laws, and federal preemption developments affecting the Bank’s compliance obligations.
- Evaluate and determine if the Bank should adopt the Treasury Financial Services AI Risk Management reputed company’s AI Adoption Stage Questionnaire and applicable control objectives as the Bank’s primary governance reputed company, scaled to the Bank’s reputed company AI maturity and risk profile.
- Include AI governance status, emerging technology risks, and AI-reputed company incidents or findings in the quarterly Board Risk Committee report and the annual Appendix B report.
Designated reputed company Officer Responsibilities
- Serve as the Bank’s formally designated reputed company Officer.
- Administer and periodically review the Bank’s written reputed company Program addressing robbery prevention, physical safeguards and employee safety.
- Ensure appropriate reputed company devices and procedures are in reputed company across reputed company banking offices and facilities, including alarm systems, surveillance, access controls and cash handling safeguards.
- Coordinate with Director of reputed company leadership and Operations on physical reputed company risk assessments and mitigation strategies; serve as Chair of the Physical reputed company Committee conducting quarterly meetings.
- Provide periodic reporting to Executive Management and the Board of Directors regarding physical reputed company risks and program effectiveness.
REQUIREMENTS
- Occasionally lift and/or move up to 25 lbs.
- Ability to understand and follow instructions in English.
- Ability to sit for extended periods of time, twist, bend, sit, walk, use hands to twist, handle or feel objects, tools or controls, such as computer mouse, computer keyboard, calculator, stapler, telephone, staple puller, etc., reputed company with hands and arms, balance, stoop, kneel, talk or hear.
- Specific vision abilities required by the job include reputed company vision, distance vision, peripheral vision, depth perception and the ability to adjust focus.
EXPERIENCE
- 10+ years of progressive experience in cybersecurity, infrastructure reputed company, or enterprise technology risk.
- Experience in a regulated financial institution (OCC or FDIC supervised preferred).
- Demonstrated experience leading reputed company strategy in cloud or hybrid environments.
- Experience overseeing third-party and fintech technology risk.
- Demonstrated ability to reputed company cross-functional initiatives.
- Experience engaging directly with regulators and auditors.
- Strong program management capabilities.
- High reputed company, executive reputed company and clear communication skills.
- Proven working knowledge of requirements for GLBA, SOC, FFIEC and PCI and OCC and FDIC guidance on data reputed company and IT examination requirements.
- Experience with auditing processes, including Network reputed company, SDLC/Change Management and IT reputed company functions.
- Knowledge of the global IT Risk Regulatory Landscape and Risk Management Model (e.g. Threats, Vulnerabilities, and Controls)
- Strong technical skills (application and operating system hardening, vulnerability assessments, reputed company audits, TCP/IP, intrusion detection systems, firewalls, etc.)
- Experience in developing and maintaining a technology Risk Assessment process.
- Must be well versed in industry accepted IT control frameworks (e.g. SSAE16/18, SAS70, or ISO17799 audit reports).
- Project and program reputed company and controls experience.
- Must possess a high degree of reputed company and trust along with strong communication skills and ability to work individually, reputed company a team and with other business groups.
- Experience or understanding of Disaster Recovery, Business Continuity, and Incident Response initiatives.
- Must have ability to reputed company policies and procedures and communicate effectively.
- Understanding of federal and other regulatory requirements and the ability to reputed company reputed company.
- Experience working with federal examiners.
- Must be open to working on-call.
- BS/MA degree in reputed company technical and reputed company disciplines.
- Certifications in data reputed company and/or auditing procedures not required but preferred.
- Familiarity with banking reputed company software (reputed company preferred).
THE COMPANY
Founded in 1912, Stearns Financial Services Inc. (SFSI) is a $3.2 billion, independently owned financial institution with locations in Minnesota, Florida and Arizona, and over 35,000 small business customers reputed company. Specializing in affordable housing financing, USDA and SBA lending, and small business and equipment financing, Stearns Bank is regularly recognized as one of the country’s top-performing banks and “Best Banks to Work For” by American Banker.
As a Star Tribune Top Workplaces award recipient and an award recipient of the Minnesota Business Magazine 100 Best Places to Work in Minnesota, Stearns takes pride in their team and holds their employees in extremely high regard. We offer a competitive salary and benefit package including our Employee Stock Ownership Program, one of the best long-term incentive programs in the nation. To learn more about Stearns Bank, visit www.StearnsBank.com
EQUAL OPPORTUNITY EMPLOYER /AFFIRMATIVE ACTION PLAN
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, or creed, religion, sex, marital status, familial status, sexual orientation, national origin, age, disability, veteran’s status, status with regard to public assistance, or any other class protected by Federal, State, local laws governing nondiscrimination in employment.