Cyber & Data Protection Architect (Remote work is a possibility)

Position Summary

The position is focused on improving and modernizing the current cyber security and data protection technologies for the business. The Cyber and Data Protection Architect is highly strategic, requires prior hands on technical cyber security engineering experience and will have the responsibility to provide data security direction and guidance for all data protection initiatives. The Architect will play a key role in ensuring consistent implementation of data security controls and security and privacy by design principles within the organization, and to help understand where sensitive data resides, and how to protect it. The role requires cyber security and data security industry knowledge, leadership, and collaboration skills to work with Senior/Executive Leaders, Program Management Office, Data Owners, Data Custodians, IT Teams, Confidential and Privacy Champions, Compliance, Risk, etc. in a cross functional environment.

Through collaboration and cross-functional relationships with systems and business groups, this position will lead the function that applies research, design, processes, and execution excellence to deliver compelling cyber security and data protection strategies, roadmaps, and services directly aligned to our business strategy. This position will also partner with the business teams to ensure our employees and customers' security and data protection needs are understood, prioritized, and proactively delivered through the IT and business process.

This architect will be an expert at designing and developing cyber security strategy. The architect must understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analysis and identifying risk associated with business processes and operations.

Major Responsibilities

• Create strategies to drive efficiency while working closely with the business, vendors, and internal technology teams to facilitate innovation to solve real business problems.
• Act as a subject matter expert in the areas of Data Classification and Rights Management, Key and Certificate Management, Web Protection/CASB service, data loss prevention, data access governance, cloud data loss prevention, cloud access security broker, data encryption and other data protection related technologies.
• Drive the implementation of appropriate controls around the use, storage, management, and distribution of unstructured data within the organization.
• Support the Data Classification and Rights Management Service Owner in adoption, growth and roll out of the service within the organization.
• Review technology designs with analysts, focusing on data protection principles and technologies, taking local, regional and US regulatory requirements into account (e.g. SOX, GLBA, CCPA, HIPAA, PCI etc.).
• Communicate and serve as a Technical Subject Matter Expert overseeing the implementation of data security solutions required to meet business objectives.
• Lead the technical configuration, implementation, administration and management of multiple data protection cyber security products and solutions.
• Perform vendor evaluations and proof of concepts for service improvements, in-flight projects, and emerging technologies.
• Investigate, design & architect cyber data protection controls as they are identified.
• Provide consultation to product/engineering teams and stakeholders on business processes and existing system functionality to ensure technical and business aspects of solutions are aligned to the proposed value.
• Participate in evaluations of off-the-shelf software packages to ensure they meet business and technical requirements.
• Assist with the implementation and translation of data security policies.
• Establish effective working relationships across various line of business and IT to understand business requirements to assist with the execution of the business strategy.
• Be up to date on industry trends around cyber risk and data protection practices
• Lead vendor evaluation efforts, including creation of RFPs and selection recommendation.
• Thoroughly understand the direction, goals, and the competitive environment of the Bank and determine how architecture choices can add value to the organization
• Create proposals for solving high-impact business problems and gain buy-in from business and technical leadership teams involved in the delivery.
• Identify solutions which leverage existing capabilities and standard process methods wherever possible.
• Work with product and engineering teams to understand the tradeoffs of potential solutions and how they fit into product roadmaps.
• Other duties as assigned.

Other Responsibilities

• Maintains a current understanding of Bank policies and procedures in compliance with all federal and state laws, including but not limited to Reg B, FCRA, FDCPA, Bank Secrecy Act (SARs, CIP, OFAC), Information Security (GLBA), Identity Theft Red Flags, Financial Elder Abuse Reporting, Consumer CFPB rules, and any other applicable regulations that may be specific to the position.
• Lead the technical configuration, implementation, administration and management of multiple data protection cyber security products and solutions
• Lead and define vendor evaluations and proof of concepts for service improvements, in-flight projects, and emerging technologies
• Participate in the development and regular testing of Disaster Recovery and Business Continuity solutions.
• Contribute to the continuous improvement of TCB IT through application of ITIL Service Delivery practices.
• Design, develop, install, and maintain operating systems, utilities, and applications software on computing systems.
• Resolve system emergencies with significant impact on the integrity of user data and systems.
• Establish software/hardware standards and systems policies and procedures.

Education, Experience And Other Skills Required

• Bachelor's or Master's degree in a technology related field (e.g. Computer Science, Cyber Assurance, etc.) required.
• 15+ years of cyber and data security architecture, design, and development delivery experience.
• At least one professional cyber security certification designation required such as CISSP, CISA, CISM, CCSP, CEH, SANS GIAC, CRISC, CompTIA Security+ etc.
• Hands on experience in Cyber Data Protection technologies such as: Key and Certificate Lifecycle Management Technology, EDR/XDR, CASB, Web Protection, DNS, Data Classification and Rights Management, Data Encryption, DLP, Public Key Infrastructure Platform.
• Broad knowledge and experience across IT infrastructure with security frameworks and standards such as ISO 27001/27002, NIST CSF, and other relevant security-related regulations such as GLBA, CCPA, PCI, HIPAA, SOX etc.
• Enterprise scale expertise in data management standard methodologies such as data integration, data security, data warehousing, data analytics, metadata management and data quality.
• Expert ability to analyze cost and performance in data solutions and recommend improvement for optimization.
• Ability to understand and adapt to changing business priorities and technological advancements.
• Willingness to partner effectively with technology business partners across the Bank.
• Possess an affinity for creative problem solving as it relates to overcoming technical challenges, focused on how we can solve problems, not why we can't.
• Experience in product delivery and architecture, including as an Architect of cloud solutions
• Knowledge and experience with Information Security Risk and Security governance.
• Demonstratable experience in designing and implementing enterprise scale systems
• Proven ability to influence the strategic direction of business solutions
• Excellent verbal and written communication skills, open and honest when facing challenges and issues
• Ability to think both strategically and tactically

Company Profile

Established in 1975, Tri Counties Bank is a wholly-owned subsidiary of TriCo Bancshares (NASDAQ: TCBK) headquartered in Chico, California, with assets of over $10 billion and more than 45 years of financial stability. Tri Counties Bank provides a unique brand of Service With Solutions® for communities throughout California with a breadth of personal, small business and commercial banking services, plus an extensive branch network, more than 37,000 surcharge-free ATMs nationwide, and advanced online and mobile banking.

Tri Counties Bank remains strong and profitable through our top-down commitment to our core values, sound business principles and responsible lending practices.

Our success is also based on our community engagement. We still believe in the vision of the helpful and caring community banker. As we grow and serve more communities, we become more involved, providing substantial financial and volunteer support to local economies and community organizations. We applaud our employees who roll up their sleeves to work and volunteer for a greater good in our communities.

Tri Counties Bank is an Affirmative Action and Equal Opportunity Employer, Race/Color/Religion/Sex/Sexual Orientation/Gender Identity/National Origin/Disability/Veteran.