Chief Information Risk Officer

Brief Overview of Position

The Chief Information Risk Officer (CIRO) is responsible for the development, implementation, and management of the information risk strategy. Reporting to the Chief Risk Officer, the CIRO oversees and provides effective challenge to the first line of defense CISO organization and provides independent reporting to the Board of Directors for cybersecurity, data privacy, risk management, and regulatory compliance. The CIRO will work closely with other executive leaders to ensure information risk initiatives align with business goals while safeguarding the organization from internal and external threats.
 

Responsibilities

•    Develop and implement a comprehensive information risk strategy and written information security program that includes information, and cyber security.
•    Collaborate with executive leadership to align information risk goals with the organization’s strategic objectives.
•    Report key risks and metrics to the Board of Directors and the Enterprise Risk Committee.
•    Oversee and challenge the first line implementation of cybersecurity policies, procedures, cloud security posture and technologies.
•    Provide independent and effective challenge to first line of defense cyber security to ensure the protection of IT infrastructure, networks, and sensitive data from cyber threats, breaches, and attacks.
•    Manage the identification, monitoring, and response to potential security incidents.
•    Identify and assess security risks, vulnerabilities, and potential threats across the organization.
•    Ensure compliance with relevant laws, regulations, and industry standards
•    Develop audit processes and oversee external audits or assessments.
•    Deliver annual assessments of the information security program and maturity rating.
•    Assess and challenge the use of artificial intelligence (AI) and machine learning technologies within the organization, ensuring appropriate security controls, bias mitigation, and compliance with emerging AI regulations.
•    Monitor and respond to AI-driven security threats, including adversarial AI attacks, deepfake fraud, and automated phishing campaigns, developing policies and countermeasures to protect the organization against evolving AI-enabled risks.
•    Develop and implement plans for incident management, disaster recovery, and business continuity in the event of security breaches.
•    Lead initiatives to protect personal, customer, and organizational data.
•    Implement strategies to mitigate risks related to data breaches and unauthorized access to sensitive information.
•    Design and implement security awareness programs for employees, including training on recognizing potential threats (e.g., phishing, social engineering).
•    Foster a culture of security within the organization to encourage proactive risk management behaviors.
•    Lead the organization’s response to security incidents, ensuring timely and effective resolution.
•    Develop and maintain crisis management protocols, including communication strategies with internal and external stakeholders.
•    Identify and evaluate new technologies, tools, and services that can enhance the organization’s risk posture

Qualifications

•    Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or equivalent
•    Masters degree in relevant discipline preferred
•    15+ years of related experience
•    Proven experience in a senior leadership role, ideally in a corporate or large-scale organization.
•    Experience in the finance and banking industry is preferred
•    Extensive knowledge of information security principles, including risk management, threat analysis, security architecture, and incident response.
•    Strong understanding of regulatory requirements and compliance standards.
•    Excellent communication and leadership skills, with the ability to influence decision-making at the executive level.
•    Relevant certifications such as CISSP, CISM, or CISA are preferred.
•    Working knowledge and experience with key regulatory entities and related regulations, including the FDIC, FFIEC, CFPB, and FINRA.
•    Deep knowledge of banking regulations, including OCC supervisory expectations for technology and cybersecurity risk.
•    Demonstrated expertise in GLBA, SOX, and PCI-DSS compliance requirements and their operational implications.
•    Proficiency applying the NIST Cybersecurity Framework to enterprise risk management programs.
•    Experience managing regulatory examinations and responding to findings across multiple frameworks simultaneously.
 

The duties listed above are the essential functions, or fundamental duties within the job classification.  The essential functions of individual positions within the classification may differ. Texas Capital Bank may assign reasonably related additional duties to individual employees consistent with standard departmental policy.Texas Capital is an Equal Opportunity Employer.