America Data Center - Cybersecurity VP

Introduction

Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

Overview

The incumbent will lead the Cybersecurity management team to define the 1st lineCybersecurity management process, methodology and procedure, and oversee AmericaData Center cybersecurity related activities. S/he will also be responsible for conductinginformation security assessments, vulnerability analysis, and implementing controls toaddress information security issues. In addition, s/he will monitor and report the Bank’sinformation security status, escalating major issues to management as necessary.

Responsibilities

Include but are not limited to:

Information Security/Cyber Security management

Include but are not limited to:

Information Security/Cyber Security management

• Conduct periodic information security/Cyber Security assessments (e.g., information security controls, FW rules) and follow up on remediation status
• Identify, assess, monitor, report and follow up on key Information security/Cyber Security issues
• Recommend and implement IT solutions related to Information security/Cyber Security
• Assist in the development and implementation of new security initiatives, including policies, processes and awareness programs

Information Security Operation

• Manage and operate information security tools (e.g. Nessus, Websense DLP, etc.)
• Investigate and follow up the information security alerts generated from various security tools
• Oversee Privilege ID process, including the creation, access modification, and termination within America Data Center
• Assist the Department Head to manage Contingency exercises and IT incident response processes

Regulatory and Audit communication

• Act as point of contact with Regulators and Internal/External Auditors.
• Assist in preparing and reviewing all requested documents from regulators/auditors"

Qualifications

• Bachelor’s degree required in Computer Science or Risk Management
• Minimum 6 years of Information Security or Cybersecurity management experience within Financial Services required, auditor experience preferred
• Demonstrate sound understanding of IT risk and control assessment methodology, information security framework, as well as FFIEC Guidelines, SSAE 18, SP800-53, FIPS-199, COBIT standards
• Demonstrate strong communication skills, as well as operation skills of Information Security tools
• Bilingual ability in Mandarin preferred
• CISSP, CISA certification(s) preferred

Pay Range

Actual salary is commensurate with candidate’s relevant years of experience, skillset, education and other qualifications.

USD $110,000.00 - USD $230,000.00 /Yr.