BWE

Director, IT Security

BWE

full-time

Posted on:

Origin:  • 🇺🇸 United States • Ohio

Visit company website
AI Apply
Manual Apply

Job Level

Lead

Tech Stack

CloudCyber Security

About the role

  • Define and execute the enterprise security strategy in alignment with organizational goals, risk appetite, and BWE's AI-native transformation initiatives.
  • Oversee and continuously assess BWE's cybersecurity posture, including threat detection, incident response, and risk management while preparing security frameworks for AI tool deployment and citizen development initiatives.
  • Lead security governance efforts, including policy development, training, and compliance with regulatory and contractual standards (e.g., SOC 2, GLBA) while establishing frameworks for AI governance and responsible technology deployment.
  • Collaborate with IT, legal, operations, and business leaders to identify and mitigate security risks across systems, data, vendors, and emerging AI technologies.
  • Evaluate and manage third-party tools, security services, and vendor relationships including AI platform security assessments and vendor risk management.
  • Serve as the executive point of contact for security audits, incidents, and client inquiries while ensuring transparent communication about security posture and AI-related risk management.
  • Monitor emerging threats and security trends, particularly AI-related security risks; recommend improvements to technology and process safeguards.
  • Lead internal incident response planning, tabletop exercises, and post-incident analysis with particular focus on AI-related security scenarios.
  • Partner with AI leadership to establish AI security governance frameworks including data protection, model security, and algorithmic transparency requirements.
  • Establish security standards and oversight for citizen development initiatives, ensuring business-user-created automation meets security and compliance requirements.
  • Lead, coach, and develop security team members while building capabilities in AI security, cloud security, and modern threat detection.
  • Drive security culture transformation across the organization, moving from compliance-focused to risk-intelligent security practices that enable business innovation.
  • Near-Term Deliverables: Conduct comprehensive security posture assessment including current capabilities, gaps, and transformation requirements with prioritized remediation roadmap aligned to BWE's strategic initiatives.
  • Develop AI security governance framework addressing model security, data protection, prompt injection prevention, and AI vendor risk management with implementation timeline.
  • Establish security metrics dashboard tracking key indicators (incident response times, vulnerability remediation rates, compliance scores, training completion) with executive reporting cadence.
  • Create citizen development security guidelines and governance framework ensuring business-user automation meets security standards without hindering innovation.
  • Research and recommend AI-powered security tools for threat detection, incident response, and security monitoring with cost-benefit analysis and implementation roadmaps.
  • Lead tabletop exercises focused on AI-related security scenarios including data breaches, model manipulation, and vendor service disruptions.
  • Establish a vendor security assessment framework specifically addressing AI platform providers and their security, privacy, and compliance capabilities.
  • Complete advanced security training in AI security, zero trust architecture, or cloud security frameworks with demonstrated competency and application to BWE's environment.
  • Partner with business leadership to create a security awareness program that builds security culture while enabling AI adoption and digital transformation.
  • Develop security incident response procedures specifically for AI-related incidents including model failures, data exposure, and algorithmic bias detection.

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field; Master's degree preferred.
  • 7+ years of progressive cybersecurity experience with 3+ years in leadership roles.
  • Strong knowledge of cybersecurity frameworks (NIST, ISO 27001, SOC 2) and regulatory compliance (GLBA, SOX, etc.).
  • Experience leading incident response, risk management, and security governance programs.
  • Proven track record managing security audits and regulatory examinations.
  • Experience with cloud security, identity and access management, and modern security architectures.
  • Knowledge of AI/ML security considerations and emerging technology risk management.
  • Strong understanding of CRE and/or financial services regulatory and compliance requirements.
  • Excellent leadership, communication, and stakeholder management skills.
  • Ability to translate technical security concepts into business risk language for executive audiences.
  • Preferred: CISSP, CISM, CRISC, or equivalent.
  • Experience with zero trust architecture and modern security frameworks.
  • Knowledge of AI governance, algorithmic bias, and responsible AI deployment.
  • Experience in mortgage banking, lending, or financial services industry.
  • Previous experience building security programs during digital transformation initiatives.
  • Advanced degree in Cybersecurity, Risk Management, or related field.