America Data Center - Cybersecurity VP - Bank of China
New York, NY 10018
About the Job
Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.
Overview:The incumbent will lead the Cybersecurity management team to define the 1st line
Cybersecurity management process, methodology and procedure, and oversee America
Data Center cybersecurity related activities. S/he will also be responsible for conducting
information security assessments, vulnerability analysis, and implementing controls to
address information security issues. In addition, s/he will monitor and report the Bank’s
information security status, escalating major issues to management as necessary.
Include but are not limited to:
Information Security/Cyber Security management
Include but are not limited to:
Information Security/Cyber Security management
- Conduct periodic information security/Cyber Security assessments (e.g., information security controls, FW rules) and follow up on remediation status
- Identify, assess, monitor, report and follow up on key Information security/Cyber Security issues
- Recommend and implement IT solutions related to Information security/Cyber Security
- Assist in the development and implementation of new security initiatives, including policies, processes and awareness programs
Information Security Operation
- Manage and operate information security tools (e.g. Nessus, Websense DLP, etc.)
- Investigate and follow up the information security alerts generated from various security tools
- Oversee Privilege ID process, including the creation, access modification, and termination within America Data Center
- Assist the Department Head to manage Contingency exercises and IT incident response processes
Regulatory and Audit communication
- Act as point of contact with Regulators and Internal/External Auditors.
- Assist in preparing and reviewing all requested documents from regulators/auditors"
- Bachelor’s degree required in Computer Science or Risk Management
- Minimum 6 years of Information Security or Cybersecurity management experience within Financial Services required, auditor experience preferred
- Demonstrate sound understanding of IT risk and control assessment methodology, information security framework, as well as FFIEC Guidelines, SSAE 18, SP800-53, FIPS-199, COBIT standards
- Demonstrate strong communication skills, as well as operation skills of Information Security tools
- Bilingual ability in Mandarin preferred
- CISSP, CISA certification(s) preferred
Actual salary is commensurate with candidate’s relevant years of experience, skillset, education and other qualifications.