Director of Information Security
Cbc61a9e 850d 4133 Ba7a 16f730256632 19000101 000001 · St. Cloud, MN, US, St. Cloud, MN · Hybrid · Active · $120,000–$190,000 / year · ADP Workforce Now Recruiting
Job facts
| Field | Value |
|---|---|
| Company | Cbc61a9e 850d 4133 Ba7a 16f730256632 19000101 000001 |
| Title | Director of Information Security |
| Normalized title | - |
| Department / team | - |
| Location | St. Cloud, MN, United States |
| Work model | Hybrid / Hybrid |
| Employment type | Full Time |
| Salary | $120,000–$190,000 / year |
| Status | active |
| ATS provider | ADP Workforce Now Recruiting |
| Posted / first seen | 2026-03-04 / 2026-05-31 |
| Changed / last seen | 2026-06-06 / 2026-06-06 |
Description
At Stearns Bank, we’re helping people, entrepreneurs, small businesses, and local communities nationwide reach their full financial potential. Sound like something you want to be a part of? If so, we’re currently looking for a Director of Information Security. This is a connected mobile role.
Come see how we’re doing business unusual and charting our own path to reimagine a more inclusive financial services and banking ecosystem for all.
BENEFITS
Stearns Bank understands and respects that everyone is managing unique career, family, and wellness needs. That’s why we offer industry-leading benefits to employees to help them live healthy lives and bring their full selves to work every day. Benefits may vary for part-time positions. Some of those benefits include:
- Employee Stock Ownership Plan & 401k Plan
- Healthcare (Medical, Dental, Vision, Telehealth, Life insurance)
- 12-week Paid Parental Leave and Medical Leave: With a cap of 20 weeks for eligible team members who qualify for both Medical and Parental Leave related to the birth of a child
- $5,000 Family Care Reimbursement: Childcare, Elder Care, Student Loan Debt, Pet expenses, Down Payment Assistance
- PTO from 13 to 23 days depending on tenure. Cashout and Carryover options
- 10 Days Sick Time
- 11 Paid Holidays
- 4 Days Volunteer Time
- 2 Days Self Allowance Time
- Tuition Assistance

For this position, we anticipate an annual salary range between $120,000 - $190,000. Final employment offers will be dependent upon the selected candidate’s relevant qualifications and experience.
JOB SUMMARY: The Director of Information Security is the Bank’s designated Information Security Officer, and is responsible for leading and evolving Stearns Bank’s enterprise information security, technology risk and infrastructure security strategy.
Operating within the Risk organization, this role provides second-line governance, challenge, and advisory oversight across the Bank’s technology ecosystem, including infrastructure, cloud platforms, core systems, digital initiatives, and fintech partnerships.
The role ensures the confidentiality, integrity, availability and resilience of the Bank’s information systems while advancing modernization of infrastructure, data protection capabilities and emerging technology governance.
The Director serves as the Bank’s senior security authority, aligning cybersecurity, infrastructure architecture, cloud strategy, vendor risk oversight, and regulatory compliance into a unified enterprise program consistent with OCC, FDIC, FFIEC, GLBA, and other regulatory expectations.
This role balances strategic leadership, regulatory accountability, and technical depth.
PRIMARY RESPONSIBILITIES
Enterprise Security Strategy & Governance
- Lead and continuously evolve the Bank’s Information Security Program aligned with 12 CFR Part 30, Appendix B, the FFIEC Information Security Booklet, the OCC Cybersecurity Supervision Work Program, NIST CSF, and regulatory guidance.
- Conduct or direct the annual enterprise-wide IT risk assessment using NIST CSF 2.0, the CRI Profile, or equivalent framework, identifying threats, vulnerabilities, and risk levels for all information assets.
- Develop and execute a multi-year enterprise security roadmap aligned with business strategy and modernization initiatives.
- Manage the cybersecurity self-assessment process using the Bank’s selected framework, the Cyber Risk Institute Framework, ensuring findings are documented, tracked, and reported to the Board.
- Serve as the primary security advisor to executive leadership and Board committees.
- Provide regulator reporting on cyber risk posture, threat landscape and remediation status.
Infrastructure & Architecture Security Alignment
- Partner with IT Infrastructure and Transformation leaders to ensure security-by-design across:
  - Network architecture
  - Cloud platforms
  - Endpoint management
  - API security architecture
  - Identity & access management
  - Core banking and fintech integrations
  - Artificial Intelligence (AI) integrations
- Establish secure architecture standards for hardware, networking, segmentation, encryption and endpoint detection.
- Drive adoption of modern security principles including Zero Trust architecture and secure cloud governance.
- Oversee the vulnerability management and patch management lifecycle, monitoring remediation timelines against risk-based SLAs and escalating deficiencies to senior management.
Cybersecurity Operations & Emerging Threat Management
- Oversee: Threat detection and response, Incident response program, Penetration testing and vulnerability management, SOC oversight.
- Monitor evolving cyber threats, AI-driven risks and geopolitical threat activity.
- Lead incident response coordination and regulatory notification processes when required.
Third-Party & Technology Risk Oversight
- Lead and Chair the Vendor Management and Third-Party Risk program.
- Conduct information security due diligence on all prospective fintech partnerships during the planning and selection stages of the third-party risk management lifecycle.
- Review and evaluate SOC 2 Type 2 reports, penetration test results, vulnerability assessments, and BCP/DR documentation for all third-parties (including fintech partners) at least annually, or more frequently for critical relationships.
- Participate in the Bank’s Fintech Committee providing independent risk opinions on information security dimensions of new and existing partnerships.
- Assess security architecture of API integrations, data flows, and credential management between the Bank and third-parties, ensuring encryption in transit and at rest, access controls, and monitoring are commensurate with risk.
- Monitor fintech partner compliance with the Bank’s information security requirements on an ongoing basis, including incident notification obligations under contractual SLAs.
- Evaluate fourth-party (subcontractor) risk for critical fintech partners, ensuring contractual provisions address subcontractor security standards, approval requirements, and audit rights.
- Evaluate emerging technologies and associated risk profiles prior to deployment.
- Ensure bank service provider contracts include notification obligations that meet regulatory requirements, and that designated points of contact are current.
- Coordinate with critical third-party service providers to assess their BCP/DR capabilities and resilience, including review of TSP continuity testing results.
Regulatory & Audit Leadership
- Serve as primary security liaison for all IT Audits.
- Serve as primary security liaison for OCC, FDIC, and external examiners.
- Maintain compliance with GLBA, FFIEC IT Handbook, NIST, PCI and SOC reporting standards.
- Oversee timely remediation of any audit or regulatory findings.
- Ensure compliance with notification requirements of all relevant regulatory agencies and documented decision criteria for determining when a “notification incident” has occurred.
- Maintain the Bank’s state breach notification matrix and coordinate customer notification processes in compliance with applicable state laws for each jurisdiction where affected customers reside.
Data Protection & Modern Governance
- Oversee: Data classification standards, Data Loss Prevention (DLP), Encryption standards, Secure data lifecycle management.
- Align information security with enterprise data governance initiatives.
- Monitor the CFPB’s evolving data security enforcement posture and ensure the Bank maintains multi-factor authentication, adequate password management, and timely patching to mitigate UDAAP exposure.
- Track developments in the Section 1033 Personal Financial Data Rights rulemaking and assess implications for the Bank’s data-sharing security controls, API standards, and authorized third-party oversight.
- Coordinate with Legal and Compliance on data protection requirements arising from state privacy laws, ensuring appropriate controls are in place for each jurisdiction where the Bank operates or serves customers.
Business Continuity & Operational Resilience
- Own the enterprise Business Continuity Management.
- Oversee Business Continuity and Disaster Recovery frameworks in partnership with enterprise risk.
- Ensure cyber resilience testing and tabletop exercises are conducted regularly.
- Integrate operational resilience planning into infrastructure modernization efforts.
- Direct the Business Impact Analysis process, establishing Recovery Time Objectives (RTO), Recovery Point Objectives (RPO), and Maximum Tolerable Downtime (MTD) for all critical business functions.
- Ensure BCP/DR plans address ransomware-specific recovery scenarios, including air-gapped and immutable backup validation, and that restoration procedures are tested at least annually.
- Lead enterprise security awareness and training programs.
- Foster a culture of security ownership across all business lines.
- Partner with HR and leadership to embed security accountability into performance management, including phishing simulations and role-based training for privileged users.
Emerging Technology & AI Governance
- Establish and maintain the Bank’s AI and emerging technology acceptable use policy, define approved use cases, prohibited activities, and approval workflows for all AI tools deployed internally or through third-party and fintech partner relationships in collaboration with Digital Transformation, Information Technology, and Fintech teams.
- Classify each AI tool as a “model” or “non-model” under the OCC’s model risk management framework, and apply risk-proportionate governance controls including documentation, validation frequency, and ongoing monitoring commensurate with each tool’s materiality and complexity.
- Conduct or coordinate information security risk assessments for all AI deployments, evaluating data ingestion controls, training data integrity, prompt injection and adversarial attack vectors, output monitoring, access controls, and data leakage prevention.
- Implement shadow AI detection and prevention controls to identify unauthorized AI tool usage by employees, contractors, and fintech partners, including monitoring for unapproved cloud-based AI services and browser-based AI plugins accessing Bank data.
- Evaluate the Bank’s AI vendor contracts for information security adequacy, including provisions for model documentation and audit rights, restrictions on use of Bank data to train other models, material model change notification requirements, subcontractor disclosure, and regulatory examination access.
- Monitor and report to senior management on the evolving AI regulatory landscape, including OCC guidance, the Treasury Financial Services AI Risk Management Framework, NIST AI Risk Management Framework 1.0, state AI laws, and federal preemption developments affecting the Bank’s compliance obligations.
- Evaluate and determine if the Bank should adopt the Treasury Financial Services AI Risk Management Framework’s AI Adoption Stage Questionnaire and applicable control objectives as the Bank’s primary governance framework, scaled to the Bank’s current AI maturity and risk profile.
- Include AI governance status, emerging technology risks, and AI-related incidents or findings in the quarterly Board Risk Committee report and the annual Appendix B report.
Designated Security Officer Responsibilities
- Serve as the Bank’s formally designated Security Officer.
- Administer and periodically review the Bank’s written Security Program addressing robbery prevention, physical safeguards and employee safety.
- Ensure appropriate security devices and procedures are in place across all banking offices and facilities, including alarm systems, surveillance, access controls and cash handling safeguards.
- Coordinate with Director of Branch leadership and Operations on physical security risk assessments and mitigation strategies; serve as Chair of the Physical Security Committee conducting quarterly meetings.
- Provide periodic reporting to Executive Management and the Board of Directors regarding physical security risks and program effectiveness.
REQUIREMENTS
- Occasionally lift and/or move up to 25 lbs.
- Ability to understand and follow instructions in English.
- Ability to sit for extended periods of time, twist, bend, sit, walk, use hands to twist, handle or feel objects, tools or controls, such as computer mouse, computer keyboard, calculator, stapler, telephone, staple puller, etc., reach with hands and arms, balance, stoop, kneel, talk or hear.
- Specific vision abilities required by the job include close vision, distance vision, peripheral vision, depth perception and the ability to adjust focus.
EXPERIENCE
- 10+ years of progressive experience in cybersecurity, infrastructure security, or enterprise technology risk.
- Experience in a regulated financial institution (OCC or FDIC supervised preferred).
- Demonstrated experience leading security strategy in cloud or hybrid environments.
- Experience overseeing third-party and fintech technology risk.
- Demonstrated ability to lead cross-functional initiatives.
- Experience engaging directly with regulators and auditors.
- Strong program management capabilities.
- High integrity, executive presence and clear communication skills.
- Proven working knowledge of requirements for GLBA, SOC, FFIEC and PCI and OCC and FDIC guidance on data security and IT examination requirements.
- Experience with auditing processes, including Network Security, SDLC/Change Management and IT related functions.
- Knowledge of the global IT Risk Regulatory Landscape and Risk Management Model (e.g. Threats, Vulnerabilities, and Controls).
- Strong technical skills (application and operating system hardening, vulnerability assessments, security audits, TCP/IP, intrusion detection systems, firewalls, etc.).
- Experience in developing and maintaining a technology Risk Assessment process.
- Must be well versed in industry accepted IT control frameworks (e.g. SSAE16/18, SAS70, or ISO17799 audit reports).
- Project and program management concepts and controls experience.
- Must possess a high degree of integrity and trust along with strong communication skills and ability to work individually, within a team and with other business groups.
- Experience or understanding of Disaster Recovery, Business Continuity, and Incident Response initiatives.
- Must have ability to develop policies and procedures and communicate effectively.
- Understanding of federal and other regulatory requirements and the ability to keep current.
- Experience working with federal examiners.
- Must be open to working on-call.
- BS/MA degree in related technical and security disciplines.
- Certifications in data security and/or auditing procedures not required but preferred.
- Familiarity with banking related software (Fiserv preferred).
THE COMPANY
Founded in 1912, Stearns Financial Services Inc. (SFSI) is a $3.2 billion, independently owned financial institution with locations in Minnesota, Florida and Arizona, and over 35,000 small business customers nationwide. Specializing in affordable housing financing, USDA and SBA lending, and small business and equipment financing, Stearns Bank is regularly recognized as one of the country’s top-performing banks and “Best Banks to Work For” by American Banker.
As a Star Tribune Top Workplaces award recipient and an award recipient of the Minnesota Business Magazine 100 Best Places to Work in Minnesota, Stearns takes pride in their team and holds their employees in extremely high regard. We offer a competitive salary and benefit package including our Employee Stock Ownership Program, one of the best long-term incentive programs in the nation. To learn more about Stearns Bank, visit www.StearnsBank.com
EQUAL OPPORTUNITY EMPLOYER / AFFIRMATIVE ACTION PLAN
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, or creed, religion, sex, marital status, familial status, sexual orientation, national origin, age, disability, veteran’s status, status with regard to public assistance, or any other class protected by Federal, State, local laws governing nondiscrimination in employment.
Full job record
| Field | Value |
|---|---|
| Job ID | 6afa32b2ee3aaf7a2210918fee3a87b6504bbcc3 |
| Org ID | 4b751378-d7f9-40df-98b5-b47d480c44d8 |
| Source ID | 1858c471-3201-4053-a118-e39527a3f0a0 |
| Board ID | 1858c471-3201-4053-a118-e39527a3f0a0 |
| Provider | adp_workforcenow |
| Provider Job Key | 560593 |
| Title | Director of Information Security |
| Normalized Title | — |
| Status | active |
| Active | yes |
| Location Text | St. Cloud, MN, US, St. Cloud, MN |
| Department | — |
| Team | — |
| Employment Type | full_time |
| Workplace Type | hybrid |
| Remote Policy | hybrid |
| Country | United States |
| Region | MN |
| City | St. Cloud |
| Salary Raw | 120000.00 To 190000.00 (USD) Annually |
| Salary Min | 120,000 |
| Salary Max | 190,000 |
| Salary Currency | USD |
| Salary Period | year |
| Source URL | https://workforcenow.adp.com/mascsr/default/mdf/recruitment/recruitment.html?cid=cbc61a9e-850d-4133-ba7a-16f730256632&ccId=19000101_000001&lang=en_US&type=JS&jobId=560593&jwId=9201008983659_1 |
| Apply URL | https://workforcenow.adp.com/mascsr/default/mdf/recruitment/recruitment.html?cid=cbc61a9e-850d-4133-ba7a-16f730256632&ccId=19000101_000001&lang=en_US&type=JS&jobId=560593&jwId=9201008983659_1 |
| First Seen At | 2026-05-31 18:17:21Z |
| Last Seen At | 2026-06-06 12:17:32Z |
| Last Checked At | 2026-06-06 12:17:32Z |
| Last Changed At | 2026-06-06 12:17:32Z |
| Inactive At | — |
| Source Posted At | 2026-03-04 18:27:00Z |
| Source Updated At | — |
| Raw Payload Uri | s3://job-postings-prod-raw-590183727216/raw/provider=adp_workforcenow/board=cbc61a9e-850d-4133-ba7a-16f730256632|19000101_000001/date=2026-06-06/2026-06-06T12-17-32-167Z-2d8ba5be099f2a9c6229fee5a019fa565bc9d8074b329c095b2891db09813eb4.json |
</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Lead incident response coordination and regulatory notification processes when required.</li></ul></div><p style='margin:0in;text-align:justify;font-size:19px;font-family:\"Times New Roman\",serif;margin-left:.25in;'><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"> </span></p><p style='margin:0in;text-align:justify;font-size:19px;font-family:\"Times New Roman\",serif;'><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"><strong>Third-Party & Technology Risk Oversight</strong></span></p><div style='margin-top:0in;margin-right:0in;margin-bottom:8.0pt;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;'><ul style=\"margin-bottom:0in;list-style-type: disc;margin-left: -0.25in;\"><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Lead and Chair the Vendor Management and Third-Party Risk program.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Conduct information security due diligence on all prospective fintech partnerships during the planning and selection stages of the third-party risk management lifecycle </li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Review and evaluate SOC 2 Type 2 reports, penetration test results, vulnerability assessments, and BCP/DR documentation for all third-parties (including fintech partners) at least annually, or more frequently for critical relationships.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Participate in the Bank’s Fintech Committee providing independent risk opinions on information security dimensions of new and existing partnerships.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; 
font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Assess security architecture of API integrations, data flows, and credential management between the Bank and third-parties, ensuring encryption in transit and at rest, access controls, and monitoring are commensurate with risk.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Monitor fintech partner compliance with the Bank’s information security requirements on an ongoing basis, including incident notification obligations under contractual SLAs.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Evaluate fourth-party (subcontractor) risk for critical fintech partners, ensuring contractual provisions address subcontractor security standards, approval requirements, and audit rights.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Evaluate emerging technologies and associated risk profiles prior to deployment.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Ensure bank service provider contracts include notification obligations that meet regulatory requirements, and that designated points of contact are current.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Coordinate with critical third-party service providers to assess their BCP/DR capabilities and resilience, including review of TSP continuity testing results.</li></ul></div><p style='margin:0in;text-align:justify;font-size:19px;font-family:\"Times New Roman\",serif;margin-left:.25in;'><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"> </span></p><p style='margin:0in;text-align:justify;font-size:19px;font-family:\"Times New Roman\",serif;'><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 
0);\"><strong>Regulatory & Audit Leadership</strong></span></p><div style='margin-top:0in;margin-right:0in;margin-bottom:8.0pt;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;'><ul style=\"margin-bottom:0in;list-style-type: disc;margin-left: -0.25in;\"><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Serves as primary security liaison for all IT Audits.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Serve as primary security liaison for OCC, FDIC, and external examiners. </li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Maintain compliance with GLBA, FFIEC IT Handbook, NIST, PCI and SOC reporting standards.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Oversee timely remediation of any audit or regulatory findings.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Ensure compliance with notification requirements of all relevant regulatory agencies and documented decision criteria for determining when a “notification incident” has occurred.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Maintain the Bank’s state breach notification matrix and coordinate customer notification processes in compliance with applicable state laws for each jurisdiction where affected customers reside.</li></ul></div><p style='margin:0in;text-align:justify;font-size:19px;font-family:\"Times New Roman\",serif;margin-left:.25in;'><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"> </span></p><p style='margin:0in;text-align:justify;font-size:19px;font-family:\"Times New Roman\",serif;'><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 
0);\"><strong>Data Protection & Modern Governance</strong></span></p><div style='margin-top:0in;margin-right:0in;margin-bottom:8.0pt;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;'><ul style=\"margin-bottom:0in;list-style-type: disc;margin-left: -0.25in;\"><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Oversee: Data classification standards, Data Loss Prevention (DLP), Encryption standards, Secure data lifecycle management</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Align information security with enterprise data governance initiatives.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Monitor the CFPB’s evolving data security enforcement posture and ensure the Bank maintains multi-factor authentication, adequate password management, and timely patching to mitigate UDAAP exposure.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Track developments in the Section 1033 Personal Financial Data Rights rulemaking and assess implications for the Bank’s data-sharing security controls, API standards, and authorized third-party oversight.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Coordinate with Legal and Compliance on data protection requirements arising from state privacy laws, ensuring appropriate controls are in place for each jurisdiction where the Bank operates or serves customers.</li></ul></div><p style='margin:0in;text-align:justify;font-size:19px;font-family:\"Times New Roman\",serif;margin-left:.25in;'><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"> </span></p><p style='margin:0in;text-align:justify;font-size:19px;font-family:\"Times New Roman\",serif;'><span style=\"font-size: 18px; 
font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"><strong>Business Continuity & Operational Resilience</strong> </span></p><div style='margin-top:0in;margin-right:0in;margin-bottom:8.0pt;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;'><ul style=\"margin-bottom:0in;list-style-type: disc;margin-left: -0.25in;\"><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Own the enterprise Business Continuity Management. </li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Oversee Business Continuity and Disaster Recovery frameworks in partnership with enterprise risk. </li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Ensure cyber resilience testing and tabletop exercises are conducted regularly. </li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Integrate operational resilience planning into infrastructure modernization efforts.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Direct the Business Impact Analysis process, establishing Recovery Time Objectives (RTO), Recovery Point Objectives (RPO), and Maximum Tolerable Downtime (MTD) for all critical business functions</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Ensure BCP/DR plans address ransomware-specific recovery scenarios, including air-gapped and immutable backup validation, and that restoration procedures are tested at least annually</span></li></ul></div><div style='margin-top:0in;margin-right:0in;margin-bottom:8.0pt;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;'><ul style=\"margin-bottom:0in;list-style-type: disc;margin-left: 
-0.25in;\"><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Lead enterprise security awareness and training programs. </li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Foster a culture of security ownership across all business lines.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Partner with HR and leadership to embed security accountability into performance management, including phishing simulations and role-based training for privileged users.</li></ul></div><p style='margin:0in;text-align:justify;font-size:19px;font-family:\"Times New Roman\",serif;'><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"> </span></p><p style='margin:0in;text-align:justify;font-size:19px;font-family:\"Times New Roman\",serif;'><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"><strong>Emerging Technology & AI Governance</strong></span></p><div style='margin-top:0in;margin-right:0in;margin-bottom:8.0pt;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;'><ul style=\"margin-bottom:0in;list-style-type: disc;margin-left: -0.25in;\"><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Establish and maintain the Bank’s AI and emerging technology acceptable use policy, define approved use cases, prohibited activities, and approval workflows for all AI tools deployed internally or through third-party and fintech partner relationships in collaboration with Digital Transformation, Information Technology, and Fintech teams.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Classify each AI tool as a “model” or “non-model” under the OCC’s model risk management framework, and apply risk-proportionate governance controls 
including documentation, validation frequency, and ongoing monitoring commensurate with each tools’ materiality and complexity.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Conduct or coordinate information security risk assessments for all AI deployments, evaluating data ingestion controls, training data integrity, prompt injection and adversarial attack vectors, output monitoring, access controls, and data leakage prevention.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Implement shadow AI detection and prevention controls to identify unauthorized AI tool usage by employees, contractors, and fintech partners, including monitoring for unapproved cloud-based AI services and browser-based AI plugins accessing Bank data.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Evaluate the Bank’s AI vendor contracts for information security adequacy, including provisions for model documentation and audit rights, restrictions on use of Bank data to train other models, material model change notification requirements, subcontractor disclosure, and regulatory examination access.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Monitor and report to senior management on the evolving AI regulatory landscape, including OCC guidance, the Treasury Financial Services AI Risk Management Framework, NIST AI Risk Management Framework 1.0, state AI laws, and federal preemption developments affecting the Bank’s compliance obligations.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Evaluate and determine if the Bank should adopt the Treasury Financial Services AI Risk Management Framework’s AI Adoption Stage Questionnaire and applicable control objectives as the Bank’s primary 
governance framework, scaled to the Bank’s current AI maturity and risk profile.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Include AI governance status, emerging technology risks, and AI-related incidents or findings in the quarterly Board Risk Committee report and the annual Appendix B report.</li></ul></div><p style='margin:0in;text-align:justify;font-size:19px;font-family:\"Times New Roman\",serif;'><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"> </span></p><p style='margin:0in;text-align:justify;font-size:19px;font-family:\"Times New Roman\",serif;'><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"><strong>Designated Security Officer Responsibilities</strong></span></p><div style='margin-top:0in;margin-right:0in;margin-bottom:8.0pt;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;'><ul style=\"margin-bottom:0in;list-style-type: disc;margin-left: -0.25in;\"><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Serve as the Bank’s formally designated Security Officer.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Administer and periodically review the Bank’s written Security Program addressing robbery prevention, physical safeguards and employee safety. 
</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Ensure appropriate security devices and procedures are in place across all banking offices and facilities, including alarm systems, surveillance, access controls and cash handling safeguards.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Coordinate with Director of Branch leadership and Operations on physical security risk assessments and mitigation strategies; serve as Chair of the Physical Security Committee conducting quarterly meetings.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Provide periodic reporting to Executive Management and the Board of Directors regarding physical security risks and program effectiveness. </li></ul></div><p style='margin:0in;text-align:left;font-size:19px;font-family:\"Times New Roman\",serif;'><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"> </span></p><p style='margin:0in;text-align:left;font-size:19px;font-family:\"Times New Roman\",serif;'><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"><strong>REQUIREMENTS</strong></span></p><div style='margin-top:0in;margin-right:0in;margin-bottom:8.0pt;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;'><ul style=\"margin-bottom:0in;list-style-type: disc;margin-left: -0.25in;\"><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Occasionally lift and/or move up to 25 lbs. 
</li></ul></div><div style='margin-top:0in;margin-right:0in;margin-bottom:8.0pt;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;'><ul style=\"margin-bottom:0in;list-style-type: disc;margin-left: -0.25in;\"><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Ability to understand and follow instructions in English.</li></ul></div><div style='margin-top:0in;margin-right:0in;margin-bottom:8.0pt;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;'><ul style=\"margin-bottom:0in;list-style-type: disc;margin-left: -0.25in;\"><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Ability to sit for extended periods of time, twist, bend, sit, walk use hands to twist, handle or feel objects, tools or controls, such as computer mouse, computer keyboard, calculator, stapler, telephone, staple puller, etc., reach with hands and arms, balance, stoop, kneel, talk or hear.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Specific vision abilities required by the job include close vision, distance vision, peripheral vision, depth perception and the ability to adjust focus.</li></ul></div><p style='margin:0in;text-align:justify;font-size:16px;font-family:\"Times New Roman\",serif;margin-left:.25in;'><span style=\"font-family: tahoma, sans-serif; font-size: 18px; color: rgb(0, 0, 0);\"> </span></p><p style='margin:0in;text-align:left;font-size:19px;font-family:\"Times New Roman\",serif;'><span style=\"font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"><strong>EXPERIENCE</strong></span></p><div style='margin-top:0in;margin-right:0in;margin-bottom:8.0pt;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;'><ul style=\"margin-bottom:0in;list-style-type: disc;margin-left: -0.25in;\"><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: 
tahoma, sans-serif; color: rgb(0, 0, 0);\">10+ years of progressive experience in cybersecurity, infrastructure security, or enterprise technology risk.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Experience in a regulated financial institution (OCC or FDIC supervised preferred). </li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Demonstrated experience leading security strategy in cloud or hybrid environments.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Experience overseeing third-party and fintech technology risk. </li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Demonstrated ability to lead cross-functional initiatives. </li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Experience engaging directly with regulators and auditors. 
</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Strong program management capabilities.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">High integrity, executive presence and clear communication skills.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Proven working knowledge of requirements for GLBA, SOC, FFIEC and PCI and OCC and FDIC guidance on data security and IT examination requirements.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Experience with auditing processes, including Network Security, SDLC/Change Management and IT related functions.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Knowledge of the global IT Risk Regulatory Landscape and Risk Management Model (e.g. Threats, Vulnerabilities, and Controls)</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Strong technical skills (application and operating system hardening, vulnerability assessments, security audits, TCP/IP, intrusion detection systems, firewalls, etc.)</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Experience in developing and maintaining a technology Risk Assessment process.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Must be well versed in industry accepted IT control frameworks (e.g. 
SSAE16/18, SAS70, or ISO17799 audit reports).</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Project and program management concepts and controls experience.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Must possess a high degree of integrity and trust along with strong communication skills and ability to work individually, within a team and with other business groups.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Experience or understanding of Disaster Recovery, Business Continuity, and Incident Response initiatives.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Must have ability to develop policies and procedures and communicate effectively.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Understanding of federal and other regulatory requirements and the ability to keep current.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Experience working with federal examiners.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Must be open to working on-call.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">BS/MA degree in related technical and security disciplines.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\">Certifications in data security and/or auditing procedures not required but preferred.</li><li style=\"margin: 0in 0in 8pt; font-size: 18px; font-family: tahoma, sans-serif; color: rgb(0, 0, 0);\"><span style=\"font-size: 18px; line-height: 107%; font-family: tahoma, sans-serif; color: rgb(0, 0, 
0);\">Familiarity with banking related software (Fiserv preferred).</span></li></ul></div><p style='margin-top:0in;margin-right:0in;margin-bottom:8.0pt;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;'><br></p><p style='margin-top:0in;margin-right:0in;margin-bottom:8.0pt;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;'><span style=\"font-family: tahoma, sans-serif; font-size: 18px;\"><strong><span style=\"color: black;\">THE COMPANY</span></strong></span></p><p style='margin-top:0in;margin-right:0in;margin-bottom:0in;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;line-height:normal;background:white;vertical-align:baseline;'><span style=\"font-family: tahoma, sans-serif; color: black; font-size: 18px;\">Founded in 1912, Stearns Financial Services Inc. (SFSI) is a $3.2 billion, independently owned financial institution with locations in Minnesota, Florida and Arizona, and over 35,000 small business customers nationwide. Specializing in affordable housing financing, USDA and SBA lending, and small business and equipment financing, Stearns Bank is regularly recognized as one of the country’s top-performing banks and “Best Banks to Work For” by <em>American Banker</em>.</span></p><p style='margin-top:0in;margin-right:0in;margin-bottom:0in;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;line-height:normal;background:white;vertical-align:baseline;'><span style=\"font-family: tahoma, sans-serif; color: black; font-size: 18px;\"> </span></p><p style='margin-top:0in;margin-right:0in;margin-bottom:0in;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;line-height:normal;background:white;vertical-align:baseline;'><span style=\"font-family: tahoma, sans-serif; color: black; font-size: 18px;\">As a Star Tribune Top Workplaces award recipient and an award recipient of the Minnesota Business Magazine 100 Best Places to Work in Minnesota, Stearns takes pride in their team and holds 
their employees in extremely high regard. We offer a competitive salary and benefit package including our Employee Stock Ownership Program-one of the best long-term incentive programs in the nation. To learn more about Stearns Bank, visit www. StearnsBank.com</span></p><p style='margin-top:0in;margin-right:0in;margin-bottom:0in;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;line-height:normal;background:white;vertical-align:baseline;'><span style=\"font-family: tahoma, sans-serif; color: black; font-size: 18px;\"> </span></p><p style='margin-top:0in;margin-right:0in;margin-bottom:0in;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;line-height:normal;background:white;vertical-align:baseline;'><span style=\"font-family: tahoma, sans-serif; font-size: 18px;\"><strong><span style=\"color: black;\">EQUAL OPPORTUNITY EMPLOYER /AFFIRMATIVE ACTION PLAN</span></strong></span></p><p style='margin-top:0in;margin-right:0in;margin-bottom:0in;margin-left:0in;font-size:11.0pt;font-family:\"Calibri\",sans-serif;line-height:normal;background:white;vertical-align:baseline;'><span style=\"font-family: tahoma, sans-serif; color: black; font-size: 18px;\">We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, or creed, religion, sex, marital status, familial status, sexual orientation, national origin, age, disability, veteran’s status, status with regard to public assistance, or any other class protected by Federal, State, local laws governing nondiscrimination in employment.</span></p></div></div></div></div></div>\n",
"sponsoredVisaTypeCodes": []
},
"list_job": {
"links": [],
"itemID": "9201008983659_1",
"postDate": "2026-03-04T13:27:00.000-05:00",
"payGradeRange": {
"maximumRate": {
"amountValue": 190000,
"currencyCode": "USD"
},
"minimumRate": {
"amountValue": 120000,
"currencyCode": "USD"
}
},
"workLevelCode": {
"shortName": "Full Time"
},
"customFieldGroup": {
"codeFields": [
{
"nameCode": {
"codeValue": "SalaryType"
},
"codeValue": "AN",
"shortName": "Annually"
},
{
"nameCode": {
"codeValue": "SalaryRangeType"
},
"codeValue": "RANGE",
"shortName": "RANGE"
}
],
"dateFields": [
{
"nameCode": {
"codeValue": "PostingDate"
},
"dateValue": "2026-03-04T13:27Z"
},
{
"nameCode": {
"codeValue": "CurrentServerDateTime"
},
"dateValue": "2026-06-06T08:17Z"
}
],
"numberFields": [
{
"numberValue": 0,
"categoryCode": {
"codeValue": "ApplicantCount"
}
},
{
"categoryCode": {
"codeValue": "AwardAmount"
}
}
],
"stringFields": [
{
"nameCode": {
"codeValue": "ExternalJobID"
},
"stringValue": "560593"
},
{
"nameCode": {
"codeValue": "CareerCenterRefId"
}
},
{
"nameCode": {
"codeValue": "GuidelineOid"
}
},
{
"nameCode": {
"codeValue": "CurrencySymbolOrCode"
}
},
{
"nameCode": {
"codeValue": "HomeDepartment"
},
"stringValue": ""
},
{
"nameCode": {
"codeValue": "JobClass"
},
"stringValue": "Management"
},
{
"nameCode": {
"codeValue": "SalaryRange"
},
"stringValue": "120000.00 To 190000.00 (USD) Annually"
}
],
"indicatorFields": [
{
"nameCode": {
"codeValue": "PriortyStatusFlag"
},
"indicatorValue": false
},
{
"nameCode": {
"codeValue": "InternalPostingFlag"
},
"indicatorValue": false
},
{
"nameCode": {
"codeValue": "MinValue"
},
"indicatorValue": true
},
{
"nameCode": {
"codeValue": "IsVsidApplicable"
},
"indicatorValue": true
},
{
"nameCode": {
"codeValue": "IsSassDlReqForExtPostFlag"
},
"indicatorValue": false
},
{
"nameCode": {
"codeValue": "IsSassDlReqForIntPostFlag"
},
"indicatorValue": false
},
{
"nameCode": {
"codeValue": "IsMonetaryFlag"
},
"indicatorValue": false
},
{
"nameCode": {
"codeValue": "IsNonMonetaryFlag"
},
"indicatorValue": false
}
]
},
"requisitionTitle": "Director of Information Security",
"clientRequisitionID": "1273",
"organizationalUnits": [],
"postingInstructions": [],
"additionalProperties": {},
"requisitionLocations": [
{
"address": {
"cityName": "St. Cloud",
"postalCode": "56301",
"countrySubdivisionLevel1": {
"codeValue": "MN"
}
},
"nameCode": {
"shortName": " St. Cloud, MN, US"
},
"aliasNames": []
}
],
"screeningRequirements": [],
"sponsoredVisaTypeCodes": []
},
"detail_meta": {
"url": "https://workforcenow.adp.com/mascsr/default/careercenter/public/events/staffing/v1/job-requisitions/560593?cid=cbc61a9e-850d-4133-ba7a-16f730256632&ccId=19000101_000001&lang=en_US&locale=en_US",
"http_status": 200,
"content_type": "application/json;charset=UTF-8",
"response_bytes": 51318
},
"detail_errors": []
}
Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/6afa32b2ee3aaf7a2210918fee3a87b6504bbcc3?include=description (JSON)
GET https://api.bluedoor.sh/job-postings/v1/orgs/4b751378-d7f9-40df-98b5-b47d480c44d8 (JSON)
GET https://api.bluedoor.sh/job-postings/v1/sources/1858c471-3201-4053-a118-e39527a3f0a0 (JSON)
GET https://api.bluedoor.sh/job-postings/v1/jobs/6afa32b2ee3aaf7a2210918fee3a87b6504bbcc3/events (JSON)