Vice President, Information Security Office, Global Information Security

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Job Description:

The Merrill Lynch Securities Taiwan (MLST) Information Security Officer within Global Information Security (GIS) is responsible for information security control enforcement, cybersecurity awareness, and enablement across all lines of business, enterprise functions, technology, and operations teams in all countries. The Information Security Officer team also leads cybersecurity external engagement.

The MLST Information Security Officer reports directly to the Regional Information Security Officer and work closely with the country management. In this role, you will be providing guidance on various complexity of security issues to the country stakeholders to ensure IS local regulations, GIS policies and standards are adhered to and IS risks are mitigated.

The MLST Information Security Officer utilizes in-depth technical / project knowledge, plus the understanding of business requirements, and closely follows bank’s risk management framework, to influence and build a security aware culture and embed security into all layers of business processes to meet customer / client needs while protecting the Bank's assets.

Responsibilities:

• Serve as the local point of contact of all information security matters, including control enforcement, incident management, governance, compliance, and third-party risk management.
• Manage local audit and regulatory engagements impacting Global Information Security.
• Drives country-specific control implementations or special programs, where deemed necessary based on risk assessments or local regulatory requirements.
• Provide information security guidance and support to the country management and local business in risk assessments and implementation of appropriate information security procedures and controls with consideration to applicable policy and regulatory requirements.
• Monitor existing and proposed security policies, standards, and local regulations; Identifies and escalates changes that will affect information security policy, standards, and procedures.
• Deliver information security awareness trainings to employees in accordance with local regulations and business needs.
• Monitor internal and external information security trends, keeps local leadership and regional/global GIS teams informed about information security-related issues and activities affecting the local entity.
• Partner with information security officers in the region to enhance country governance model and deliver on other regional initiatives to ensure a consistent risk management approach across the region.
• Represent the Bank in meetings and conferences with regulators and industry partners; Maintain good relationship with external stakeholders.

Skills:

• 5+ years of information security risk management experience with proven ability to manage challenging business situations.
• Good working knowledge of governance, risk management and compliance routines and control processes.
• Familiar with country laws and regulatory requirements relating to information security and privacy, industry best practices, and their impact to the business.
• Strong communication skills and experience with managing senior stakeholders in in both English and Chinese; Strong business writing skills in both English and Traditional Chinese.
• Hold relevant professional certificates recognized by local authorities.
• Good understanding on Global Markets business and technology is an advantage.