Mercury - Deputy Chief Information Security Officer - Bank

• Policy and standards craft. You can draft a board-ratifiable policy and the supporting standards stack that operationalizes intent, not just satisfies a checklist. • Policy and standards craft. • Operating discipline. You run cadences, write status that survives executive review, and maintain currency of controls, evidence, and risk registers. • Operating discipline. • 2LOD instinct. You understand the three-lines-of-defense model and have served in the oversight role. • 2LOD instinct. • What we'd love: • What we'd love: • Prior Deputy CISO or equivalent senior 2LOD role at a national bank, trust bank, or large credit union. • Charter or de novo bank experience — if you've stood one up before, that is a meaningful advantage here. • Strong technical baseline,  you don't need to be an engineer, but you should be able to challenge an architecture review and read an incident timeline credibly. • CISSP, CISM, or CRISC • What success looks like: • At 30 days - You have developed working knowledge of Mercury’s FFIEC IT control inventory and roadmap, every in-flight policy draft, and met one-on-one with the GRC team. You can speak to the top ten risks in the bank-entity program by name. • At 30 days • At 90 days - You are running the weekly bank charter status cadence, leading examiner-readiness reviews, and personally accountable for at least three priority program tracks. The CISO is briefing the board and the MRCC with material you authored. • At 90 days • At one year - The charter timeline is on track. The bank-entity Information Security program sustains supervisory-grade standards as a standing posture. You are the executive other functions consult to determine whether a security risk is material. • At one year