Chief Information Security Officer jobs in United States

Farmers & Merchants Bank of Long Beach · 10 hours ago

Chief Information Security Officer

Farmers & Merchants Bank of Long Beach is seeking a Chief Information Security Officer (CISO) to develop and govern the Bank’s enterprise-wide Information Security Program. This role is responsible for managing cybersecurity risks, ensuring regulatory compliance, and leading the Bank's Security team to protect sensitive financial data and technological infrastructure.

Banking · Financial Services · Lending
H1B Sponsor Likely

Responsibilities

Support the Chief Risk Officer in ensuring a strong, resilient, and adaptable second line of defense (2LOD), as it relates to information security, to meet the changing requirements in banking
Embrace the role of a technology risk officer
Ensure the Bank complies with federal and state regulations including but not limited to GLBA, HIPAA, PCI-DSS, CCPA, NIST, and FFIEC guidelines
Evolve, maintain, and communicate a clear information security vision and program to minimize risk, ensuring integrity, confidentiality, and availability of data
Ensure annual Board reporting, policy review/approval, and governance consistent with GLBA
Evolve, maintain, and enforce the Information Security Program, policies, procedures, and standards
Evolve, maintain, and enforce the Physical Security Program, policies, and procedures
Maintain measurable security metrics/KRIs and present high-quality, decision-useful dashboards to executives and the Board
Align program maturity and reporting to NIST CSF 2.0 outcomes
Manage and be responsible for control testing in accordance with ERM standards and ensure compliance with network, hardware, and software security standards
Manage and be responsible for the GLBA and other information security risk assessments in accordance with ERM standards
Identify, evaluate, and prioritize security risks across the Bank, implementing and managing a framework to mitigate these risks
Lead security operations, threat detection, continuous monitoring, digital forensics, and incident response
Conduct periodic simulations and tabletop exercises; maintain regulator-ready playbooks
Govern vulnerability management and penetration testing, ensuring timely risk-based remediation
Lead the Computer Security Incident Response Team (CSIRT) to detect, contain, investigate, and recover from cyberattacks
Define enterprise security architecture incorporating zero trust, cloud security models, network segmentation, encryption baselines, identity governance, and telemetry
Oversee design and integration of security requirements into technology development, acquisition, and maintenance (DA&M)
Partner with Technology leadership to shape resilient, scalable architectures that meet regulatory expectations while enabling innovation
Communicate technology risk tradeoffs and investment needs in business terms
Monitor security trends, new regulations, and innovative technologies; identify strategies and techniques to address new challenges
Partner with Information Technology teams to evolve the Bank’s technology architecture and posture while ensuring the safety of the Bank’s data and network
Govern enterprise IAM, including provisioning, deprovisioning, privileged access, and continuous monitoring
Enforce MFA or equivalent-strength controls across workforce, third parties, and high-risk system access, consistent with FFIEC Authentication & Access guidance
Drive culture changes around least privilege, access hygiene, and secure user behaviors across the enterprise
Oversee cyber due diligence, contract control requirements, and continuous monitoring of critical vendors and service providers, aligned with FFIEC Outsourcing guidance
Influence procurement, legal, risk, and business owners to adopt a secure by design approach to third party engagements
Oversee the security practices of vendors and third-party service providers. Coordinate with Third-Party Risk management and Information Technology teams
Ensure independent testing, internal audit reviews, and third-party assessments of the security program, consistent with FFIEC expectations
Track and close findings; provide examiners and auditors with complete, timely, and accurate evidence
Serve as primary executive interface with regulators on cyber matters; demonstrate transparency, discipline, and command of program details
Organize and lead efforts to progress towards, secure and maintain SOC and ISO certification
Manage and develop the Bank Security team
Develop and deliver training programs to educate staff on security best practices
Oversee enterprise security awareness and phishing simulations
Prepare annual budgets and manage them
Perform other duties as assigned by management

Qualification

Information Security Program, Risk Management, Regulatory Compliance, Cybersecurity Architecture, Incident Response, CISSP Certification, CISM Certification, Cloud Security, Vulnerability Management, IAM Governance, Customer Service Skills, Leadership Skills, Communication Skills, Time Management, Detail Oriented

Required

Bachelor's degree in cybersecurity, information systems, computer science, engineering, or related field
10–15+ years in cybersecurity, information security, or technology risk; 5+ years must be in a regional bank (or comparable regulated financial institution)
Must have the proven ability to serve as an effective member of a senior management team, be an effective leader to a team of highly trained personnel and consultants; form, manage and lead committees and interact effectively with law enforcement agencies, risk and data managers, auditors, consultants, vendors, and stakeholders
Demonstrated success presenting to Boards and regulators; direct experience with FFIEC exams
Experience leading SOC/IR, IAM modernization, resilience programs, and third-party risk assurance
Experience governing cyber programs aligned to NIST CSF 2.0 and FFIEC expectations
Strong English language communication skills (spoken and written) with the ability to communicate complex security risks and technologies to non-technical stakeholders
Deep understanding of applicable regulatory frameworks and guidance
Deep understanding of cybersecurity architecture: zero-trust, cloud workload security, network segmentation, IAM/PAM, encryption, logging/telemetry
Deep understanding of cyber operations: threat hunting, incident response, digital forensics, SOC operations, vulnerability management, secure SDLC
Deep understanding of supply chain cyber risk: due diligence, contractual controls, continuous monitoring, and resilience expectations
Able to think strategically, exercise good judgement and effectively improve critical thinking skills
Strong leadership skills, able to motivate and drive behaviors and success
Excellent People Skills including active listening
Customer Service Skills
Time Management Skills
Detail Oriented
Ability to work both independently and with others at all levels
Ability to mentor junior team members

Preferred

Master's degree preferred (cybersecurity, information assurance, business, or technology management)
Professional Certifications (Preferred): CISSP, CISM, CRISC, CISA, CCSP, or GIAC level technical certifications

Company

Farmers & Merchants Bank of Long Beach

Founded in Long Beach in 1907 by C.J.

H1B Sponsorship

Farmers & Merchants Bank of Long Beach has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart not shown)
Trends of Total Sponsorships: 2024 (1), 2021 (1)

Funding

Current Stage
Public Company
Total Funding
$200M
2025-10-20 · Post-IPO Equity · $200M
1997-03-27 · IPO

Leadership Team

Melissa Lanfre
EVP and Chief Operating Officer
Kathleen Salmons
SVP/Chief Risk Officer
Company data provided by crunchbase