Director of IT Security

As the Director of Security, you keep BWE secure while we move boldly forward. You lead with vigilance and vision - protecting systems, data, and people as we embrace digital transformation and AI innovation. We depend on your leadership to manage risk, guide compliance, and build a culture of proactive security. Your work safeguards our foundation and enables our future. 

Responsibilities: 

• Define and execute the enterprise security strategy in alignment with organizational goals, risk appetite, and BWE's AI-native transformation initiatives. 
• Oversee and continuously assess BWE's cybersecurity posture, including threat detection, incident response, and risk management while preparing security frameworks for AI tool deployment and citizen development initiatives. 
• Lead security governance efforts, including policy development, training, and compliance with regulatory and contractual standards (e.g., SOC 2, GLBA) while establishing frameworks for AI governance and responsible technology deployment. 
• Collaborate with IT, legal, operations, and business leaders to identify and mitigate security risks across systems, data, vendors, and emerging AI technologies. 
• Evaluate and manage third-party tools, security services, and vendor relationships including AI platform security assessments and vendor risk management. 
• Serve as the executive point of contact for security audits, incidents, and client inquiries while ensuring transparent communication about security posture and AI-related risk management. 
• Monitor emerging threats and security trends, particularly AI-related security risks; recommend improvements to technology and process safeguards. 
• Lead internal incident response planning, tabletop exercises, and post-incident analysis with particular focus on AI-related security scenarios. 
• Partner with AI leadership to establish AI security governance frameworks including data protection, model security, and algorithmic transparency requirements. 
• Establish security standards and oversight for citizen development initiatives, ensuring business-user-created automation meets security and compliance requirements. 
• Lead, coach, and develop security team members while building capabilities in AI security, cloud security, and modern threat detection. 
• Drive security culture transformation across the organization, moving from compliance-focused to risk-intelligent security practices that enable business innovation. 

Near-Term Deliverables: 

• Conduct comprehensive security posture assessment including current capabilities, gaps, and transformation requirements with prioritized remediation roadmap aligned to BWE's strategic initiatives. 
• Develop AI security governance framework addressing model security, data protection, prompt injection prevention, and AI vendor risk management with implementation timeline. 
• Establish security metrics dashboard tracking key indicators (incident response times, vulnerability remediation rates, compliance scores, training completion) with executive reporting cadence. 
• Create citizen development security guidelines and governance framework ensuring business-user automation meets security standards without hindering innovation. 
• Research and recommend AI-powered security tools for threat detection, incident response, and security monitoring with cost-benefit analysis and implementation roadmaps. 
• Lead tabletop exercises focused on AI-related security scenarios including data breaches, model manipulation, and vendor service disruptions. 
• Establish a vendor security assessment framework specifically addressing AI platform providers and their security, privacy, and compliance capabilities. 
• Complete advanced security training in AI security, zero trust architecture, or cloud security frameworks with demonstrated competency and application to BWE's environment. 
• Partner with business leadership to create a security awareness program that builds security culture while enabling AI adoption and digital transformation. 
• Develop security incident response procedures specifically for AI-related incidents including model failures, data exposure, and algorithmic bias detection. 

Minimum Qualifications: 

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field; Master's degree preferred. 
• 7+ years of progressive cybersecurity experience with 3+ years in leadership roles. 
• Strong knowledge of cybersecurity frameworks (NIST, ISO 27001, SOC 2) and regulatory compliance (GLBA, SOX, etc.). 
• Experience leading incident response, risk management, and security governance programs. 
• Proven track record managing security audits and regulatory examinations. 
• Experience with cloud security, identity and access management, and modern security architectures. 
• Knowledge of AI/ML security considerations and emerging technology risk management. 
• Strong understanding of CRE and/or financial services regulatory and compliance requirements. 
• Excellent leadership, communication, and stakeholder management skills. 
• Ability to translate technical security concepts into business risk language for executive audiences. 

Preferred Qualifications: 

• Relevant security certifications (CISSP, CISM, CRISC, or equivalent). 
• Experience with zero trust architecture and modern security frameworks. 
• Knowledge of AI governance, algorithmic bias, and responsible AI deployment. 
• Experience in mortgage banking, lending, or financial services industry. 
• Previous experience building security programs during digital transformation initiatives. 
• Advanced degree in Cybersecurity, Risk Management, or related field.

We encourage you to explore the career opportunities we have available here at BWE!