Sr. Manager, IT Risk

New York, United States

Applications have closed

Country of Location:

United States of America

Job Responsibilities:

• Develop and maintain all local IT and cybersecurity procedures for the NY/LA branches based on US regulatory requirements and CNCBI Policies & Standards, including but not limited to the Information Security Policy and Cyber Security Strategy and the associated standards and guidance.
• Identify strengths and weaknesses in the Information Security Program as they relate to privacy, security, business resiliency and compliance frameworks to detect, prevent and react to current and emerging information security threats.
• Prepare for IT-related risk assessments and gap analyses against internal controls and regulatory requirements.
• Update IT management on any new regulatory requirements and/or any newly identified IT risks on a regular basis.
• Work with Head Office Risk Control & Governance, Operational Risk Management, and Compliance staff on implementing enhancements to risk management initiatives.
• Advise on and challenge control matters as needed from a risk management perspective.
• Respond to incidents, including suspected cybersecurity incidents, according to the incident response plan and playbooks.
• Oversee KRI reporting, review the health of the indicators, and provide regular updates to the US IT Committee and the relevant oversight committee in CNCBI Head Office.
• Support and assist with CNCBI NY/LA branch audits and facilitate management response and remediation efforts. Ensure overall IT compliance with regulatory requirements through proactive planning, communication and ownership.
• Participate in IT governance-related meetings and articulate IT risk control issues to ITG management and branch management.
• Coordinate internal and external parties to conduct security assessments (such as Red/Blue/Purple team exercises and penetration tests) based on regulatory requirements.
• Organize a security awareness education program and the necessary training for the US branches, based on CNCBI Head Office requirements, to promote a security culture.
• Carry out ad hoc tasks or projects related to information security as assigned by IT management and CNCBI Head Office.
• Support the frontline and adhere to anti-money laundering / counter-terrorist financing requirements and sanctions risk controls in accordance with regulatory standards and CNCBI policies.

Requirements:

1. Educational Qualification
• Degree holder in Information Technology or a related discipline.
2. Work Experience
• At least 5 years' experience in information security or technology risk management.
• At least 3 years' experience in technology vendor management.
3. Professional Qualification / Professional Examination / License
• Diplomas or certifications in information security/data governance preferred.
• CISSP, CISA, CISM or another recognized certification is preferred.


Tags: Audits CISA CISM CISSP Compliance Governance Incident response Privacy Risk assessment Risk management Security assessment Security strategy Strategy Vendor management

Region: North America
Country: United States
