Chief Information Security Office-Strategy, Programs & GRC AVP

Bank Of China Information Security Officer

Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

Responsibilities

Governance

• Establish and maintain Information Security policies and procedures
• Ensure CISO roles and responsibilities are clearly delineated and documented to ensure efficiency, create synergies and ensure TISR is being properly managed across first and second lines
• Periodically refresh and update TISR controls guidance in relevant policies and supporting procedures with detailed implementation guidance
• Develop, monitor, and track CISO policy adherence measures and metrics

Strategy & Programs

• Coordinate Information Security strategy in alignment with the Bank's strategy
• Maintain strategic initiatives tracking and associated KRIs to track progress and execution of the objectives
• Conduct quarterly strategy reviews with the CISO team to ensure alignment and momentum continue. Adjust strategy as necessary
• Provide end-to-end project management function for all CISO led projects
• Manage all CISO programs, including but not limited to: Information Security Program & Training & Culture Program

Risk & Compliance

• Establish and enhance a TISR framework that consists of the appropriate components to effectively manage TISR
• Conduct risk assessments of TISR for Projects, Third-Party, New Activities and Applications
• Develop and execute an TISR annual work plan of risk identification, assessment, and control evaluation and testing activities
• Review and contribute to the development and maintenance of the taxonomy for Risk, Process and Controls for TISR domains.
• Catalog and oversee remediation of TISR issues include those arising from Audit and Regulatory exams, ITRM deep dives, root cause analyses and control testing
• Prepare and submit Audit Requests for evidence
• Anticipate audit requests and prepare comprehensive approach to for CISO policy and standards and associated implementation
• Prepare response evidence for IT/IS related regulatory exams
• Recommend changes to policy, process or procedures to align with OCC and other federal guidelines and regulations
• Evaluate and provide evidence of compliance for BOCNY Branch
• Liaison with LCD/RAO/IAD to ensure collaboration and partnership so that CISO can meet regulatory IT/IS requirements

Metrics & Reporting

• Manage all metrics and reporting for CISO

Qualifications

• Bachelor's degree in Business, Computer Science, Management Information Systems, Engineering, Mathematics, or related field is required
• Minimum 5 years of work experience in Financial services Risk Management, Audit, IT/IS Operations, or other relevant functions
• Minimum 3 years of experience in developing and executing IT/IS Risk programs, projects, and policies
• Minimum 1 year of experience working with US Banking Regulations, financial industry standards, and industry standard IT/IS Risk Frameworks
• Strong program, frameworks, project management development, implementation, and maintenance skills
• Sound and practical IT/IS risk management and program knowledge
• Familiarity with IT/IS Risk Management regulations, standards, and frameworks including NIST, ISO27002, FFIEC Guidelines, etc.
• CISSP/CRISC/ or IT related certifications preferred

Pay Range

Actual salary is commensurate with candidate's relevant years of experience, skillset, education and other qualifications.

USD $65,000.00 - USD $150,000.00 /Yr.