Career Opportunities

Explore the abundant career opportunities and growth potential with our fast-paced portfolio companies and esteemed partner banks. We'd love to have you in our ecosystem.

Director of Cybersecurity Governance, Risk & Compliance

Coastal Community Bank

Compliance / Regulatory
United States
USD 195,217-230k / year
Posted on Dec 16, 2025
Description

ABOUT US

Coastal is at the forefront of modern banking, combining strong financial infrastructure with cutting-edge Banking-as-a-Service (BaaS) and fintech enablement strategies. We not only support individuals with their personal banking needs; we also empower businesses by integrating modern banking technology that drives growth, flexibility, and innovation.

At Coastal, we think and move like entrepreneurs: focused on impact, speed, and continuous improvement. We believe in working smart, collaborating deeply, and building solutions that unlock real potential. If you're someone who thrives in a fast-moving environment, loves solving complex problems, and wants to help shape the future of banking, we'd love to meet you.

OVERVIEW

The Director of Cybersecurity Governance, Risk & Compliance leads the Security Governance, Risk & Compliance (GRC) function and owns the overall health and maturity of Coastal’s Security Program. You will manage a small team and directly oversee Third Party Risk Management, security governance for BaaS and fintech programs, control definition and internal testing aligned to the NIST CSF, CRI Profile, and FFIEC IT Examination Handbooks, Business Continuity Management (BCM), security reviews of fintech partners, and identity and access certification campaigns. This role blends hands-on technical and GRC capability with strategic leadership. You’ll partner with Security Engineering, IT, Business Lines, Enterprise Risk, Internal Audit, Compliance, and fintech partners to translate regulatory expectations into auditable, automated, and durable controls that reduce risk and enable the business.

RESPONSIBILITIES TO INCLUDE

Leadership & Strategy

  • Lead the Security GRC team responsible for Third Party Risk Management, control governance and testing, Business Continuity Management, and access governance.
  • Set the vision, roadmap, and priorities for the Security Program in partnership with the CISO, other Security & IT functions, and Enterprise Risk Management.
  • Mentor and develop team members. Define clear goals, performance expectations, and development plans.
  • Act as a key advisor to security and business leadership on cyber and technology risk posture, tradeoffs, and remediation priorities.

Security Program Ownership, Governance, and Execution

  • Own the Security Program and ensure that regulatory, contractual, and internal security requirements are satisfied across the enterprise and BaaS/fintech ecosystem.
  • Define and maintain the enterprise control baseline mapped to the NIST CSF, CRI Profile, and FFIEC IT Examination Handbooks, aligning with GLBA, SOX, and PCI-DSS where applicable.
  • Author and approve control narratives, RACI, evidence requirements, testing procedures, and control objectives. Author and maintain cybersecurity governance documents, such as policies and standards.
  • Work with technical control owners to implement processes and automations aligned to written controls, policies, and standards.
  • Champion “policy as code” and guardrails (e.g., identity, configuration, network segmentation, logging/monitoring) in partnership with Security Engineering and IT.
  • Oversee targeted cyber/IT risk assessments for technology changes, third parties, products, and fintech programs and ensure clear articulation of inherent and residual risk.
  • Maintain a centralized log of issues, control gaps, and remediation plans; ensure sustainable fixes and prevent recurrences by updating baselines, standards, and automation.
  • Partner with Enterprise Risk Management on risk acceptance, watch lists, and aggregation of security risks into enterprise risk reporting.
  • Own the design and execution of access certification campaigns across key systems and applications (e.g., core banking, identity platforms, cloud, fintech partner integrations).

Third Party Risk Management & Fintech Partner Security Reviews

  • Own the Third Party Risk Management (TPRM) program for vendors who provide services to the Bank.
  • Define and maintain risk-based onboarding, due diligence, and ongoing monitoring processes for third parties.
  • Lead cybersecurity reviews of fintech partners, including evaluation of controls, data flows, architecture, and shared-responsibility models.
  • Partner with Procurement, Legal, and Business Lines to ensure contracts and SLAs reflect appropriate security, privacy, and resilience requirements.
  • Track remediation of vendor and fintech security issues and report status and residual risk to stakeholders and governance committees.

Business Continuity Management (BCM) & Resilience

  • Own the Business Continuity Management Program execution for the Bank in coordination with key stakeholders. Ensure business impact analyses (BIA), recovery strategies, plans, and playbooks are defined, maintained, and tested for critical business processes and supporting technologies.
  • Plan and coordinate BCP/DR exercises, including lessons-learned reviews and remediation tracking.
  • Provide reporting on resilience posture, RTO/RPO alignment, and program maturity to senior management and risk committees.

Regulatory Exams, Audits & Reviews

  • Lead preparation and responses for Internal Audit activities, regulatory examinations, independent audits, and customer/partner due diligence related to security, IT, and BCM.
  • Produce concise, defensible narratives, control maps, and evidence packages. Coordinate requests and brief stakeholders before and during exams.
  • Track and oversee remediation of exam and audit findings and report progress to management and risk committees.

Metrics, Reporting & Enablement

  • Publish program health dashboards, KRIs/KPIs, and control maturity assessments to Enterprise Risk Management, management, and risk committees.
  • Coach control owners on expectations, testing methods, evidence hygiene, and automation opportunities.
  • Promote a culture of control excellence, continuous improvement, and proactive risk management across the Bank.
Requirements

QUALIFICATIONS

  • Demonstrated ability to operationalize the FFIEC IT Examination Handbooks, NIST CSF, and the CRI Profile into practical, auditable controls and testing procedures.
  • Proven experience owning or leading Third Party Risk Management, control frameworks, and/or Business Continuity Management programs in a regulated environment.
  • Hands-on skill implementing proactive controls and automating control testing/evidence collection using APIs, various languages (Python, TypeScript, Bash, and/or PowerShell), and data pipelines/dashboards.
  • Familiarity with Azure/Microsoft 365/Entra, Okta, Windows/Linux, networks, CI/CD, vulnerability management, EDR, logging/SIEM, and data protection.
  • Experience with GRC platforms and workflow/ticketing systems.
  • Strong understanding of FFIEC IT Examination Handbooks, NIST CSF, NIST SP 800-53, GLBA, SOX, and PCI DSS and ability to map and rationalize overlapping requirements.
  • Excellent written/oral communication with proven ability to influence cross-functional teams and present to management, auditors, regulators, and fintech partners.
  • Bias for automation and measurable outcomes.
  • Comfortable in fast-moving, high-accountability settings.

EDUCATION/EXPERIENCE

  • 10+ years in Cybersecurity Risk, Governance, Compliance, Security Operations, and/or risk engineering. Experience in regulated industries, especially financial services, strongly preferred.
  • 3+ years managing a Cybersecurity Risk, Governance, and Compliance team.
  • Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or related field; equivalent experience considered.
  • Certifications preferred: CRISC, CISA, CISSP, CISM, CCSK/CCSP, AZ-500 (or comparable).

HOW YOU’LL THRIVE AT COASTAL

  • Be the Best – Communicate effectively, pay close attention to detail, and prioritize your personal development.
  • Be Relentless – Thrive in a goal-oriented environment exercising both patience and persistence. Advocate for our customers and team members and strive to promote the Coastal Difference.
  • Be Un-Bankey – Be a forward thinker with a creative mindset. Build long-lasting relationships promoting the Coastal Difference, built on a foundation of integrity, honesty, and trust.
  • Embrace Gray Thinking – Use sound judgment while decision-making and problem-solving. Think outside the box.
  • Stay Flexible – Organize and strategize effectively while always being prepared to adapt on the fly. Seek efficiencies for Coastal to work smarter, not harder.
  • Take Care of Each Other – Understand what it means to be a true team player and have your teammate's back. Practice self-awareness and build your emotional intelligence.

BEING YOU AT COASTAL

Coastal Community Bank is an equal opportunity employer. We are committed to providing a workplace free from discrimination and harassment. All employment decisions are based on merit, qualifications, and business needs. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, veteran status, or any other protected status under applicable laws.

BENEFITS WE OFFER

We’re proud to offer a comprehensive benefits package designed to support your health, financial well-being, and work-life balance. Our offerings include:

  • Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
  • Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
  • Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
  • Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
  • Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
  • Long-Term/Short-Term Disability (LTD/STD): Income protection in the event of a long-term or short-term illness or injury.
  • Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
  • 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
  • Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
  • Holidays: Enjoy 11 paid holidays throughout the year.

PHYSICAL DEMANDS

The physical demands described below are required to perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee must be able to:

  • Sit for extended periods of time.
  • Stand for extended periods of time.
  • Perform repetitive finger, hand, and arm movement.
  • Use electronic office equipment such as a computer keyboard, mouse, ten key, telephone, etc.
  • View and read computer screens for extended periods.
  • Occasionally stoop, kneel, crouch, or crawl.
  • Occasionally lift or move up to 10 pounds.

OTHER DUTIES

Please note that this job description is not designed to cover or contain a comprehensive listing of the activities, duties, or responsibilities required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Salary Description
$195,217 - $230,000