HiringCafe
Posted 1y ago

Chief Information Security Office-Strategy, Programs & GRC Associate

@ Bank of China
View All Jobs
New York, New York, United States
$42k-$90k/yrOnsiteFull Time
Responsibilities:Coordinating strategy, Managing programs, Assessing risk
Requirements Summary:3+ years in financial services risk management or IT risk; 1 year with US banking regulations; bachelor's in business/IT related field; CISSP/CRISC preferred.
Technical Tools Mentioned:SIEM, DLP, XDR, EDR, Web Filter
Save
Mark Applied
Hide Job
Report & Hide
Job Description
Introduction:

Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.



Overview:

This incumbent will provide Strategy, Programs, Governance, Risk and Compliance functions as required to fulfill BOCNY information security program requirements. This incumbent will provide Strategy Coordination, CISO Projects Management, Training & Culture, Metrics & Reporting, Governance, Risk Assessments and Compliance, Data Privacy functions as detailed below.



Responsibilities:

Includes but not limited to:

 

Strategy

  • Coordinate Information Security strategy in alignment with the BOCNY branch strategy
  • Maintain strategic initiatives tracking and associated KRIs to track progress and execution of the objectives
  • Conduct quarterly strategy reviews with the CISO team to ensure alignment and momentum continue Adjust strategy as necessary
  • Provide end-to-end project management function for all CISO led projects

Programs

  • Manage all CISO programs, including but not limited to:
    • Information Security Program
    • Training & Culture Program
      • Security Training
      • Phishing Campaigns
      • Tabletop Exercises
    • Data Privacy Program

Governance

  • Establish and maintain Information Security policies and procedures
  • Ensure CISO roles and responsibilities are clearly delineated and documented to ensure efficiency, create synergies and ensure TISR is being properly managed across first and second lines
  • Periodically refresh and update TISR controls guidance in relevant policies and supporting procedures with detailed implementation guidance
  • Develop, monitor, and track CISO policy adherence measures and metrics
  • Provide all administrative functions for the Information Security Committee and all its sub-committees

Risk

  • Establish and enhance a TISR framework that consists of the appropriate components to effectively manage TISR
  • Conduct risk assessments of TISR for Projects, Third-Party, New Activities and Applications
  • Develop and execute an TISR annual work plan of risk identification, assessment, and control evaluation and testing activities
  • Review and contribute to the development and maintenance of the taxonomy for Risk, Process and Controls for TISR domains
  • Catalog and oversee remediation of TISR issues include those arising from Audit and Regulatory exams, ITRM deep dives, root cause analyses and control testing
  • Track observed control gaps and root causes and annually refresh CISO policy and procedures to reflect new and enhanced controls

Compliance

  • Prepare and submit Audit Requests for evidence
  • Anticipate audit requests and prepare comprehensive approach to for CISO policy and standards and associated implementation
  • Prepare response evidence for IT/IS related regulatory exams
  • Recommend changes to policy, process or procedures to align with OCC and other federal guidelines and regulations
  • Evaluate and provide evidence of compliance for BOCNY Branch
  • Liaison with LCD/RAO/IAD to ensure collaboration and partnership so that CISO can meet regulatory IT/IS requirements

Data Privacy

  • Develop and implement strategies to ensure compliance with relevant privacy laws and regulations
  • Stay up-to-date with changes in data privacy legislation and industry best practices
  • Assist in the development and maintenance of privacy policies, standards and procedures
  • Provide oversight and monitoring of privacy risk assessments by the FLUs
  • Ensure all relevant processes reflect privacy requirements and comply with laws and regulations
  • Plan and implement privacy training programs and communications
  • Identify and assess privacy risks within the organization

Metrics & Reporting

  • Manage all metrics and reporting for CISO
    • Operational
    • Executive & Board
    • Budget & Headcount
    • Dashboards


Qualifications:
  • Bachelor’s degree in Business, Risk, Data, Computer Science, Management Information Systems, Engineering, Mathematics, or related field
  • Minimum 3 years of work experience in Financial services Risk Management, Audit, IT/IS Operations, Data Privacy or other relevant functions
  • Minimum 2 years of experience in developing and executing IT/IS Risk programs, projects, and policies
  • Minimum 1 year of experinece working with US Banking Regulations, financial industry standards, and industry standard IT/IS Risk Frameworks

  • Good understanding of regulatory requirements including FFIEC, GLBA, NIST

  • Knowledge of Information security and cyber security best practices

  • Knowledge of systems administration such as Windows Server, Active Directory management, Firewall, UNIX system, network architectures, etc.

  • Knowledge of security tools such as SIEM, DLP, XDR, EDR, Web Filter etc.

  • CISSP/CRISC/ or IT related certifications preferred    



Pay Range

Actual salary is commensurate with candidate’s relevant years of experience, skillset, education and other qualifications.

:
USD $42,000.00 - USD $90,000.00 /Yr.