Cybersecurity Risk Lead

Pasadena, CA, United States

East West Bank

East West Bank provides exceptional personal banking, small business loans, home mortgages, and international banking services to customers worldwide.

Introduction

Since 1973, East West Bank has served as a pathway to success. With over 110 locations across the U.S. and Asia, we are the premier financial bridge between the East and West. Our teams of experienced, multi-cultural professionals help guide businesses and community members on both sides of the Pacific looking to explore new markets and create new opportunities, and our sustained growth and expertise in industries like real estate, entertainment and media, private equity and venture capital, and high-tech help build sustainable businesses and expand our associates’ potential for career advancement. Headquartered in California, East West Bank (Nasdaq: EWBC) is a top-performing commercial bank with a strong foundation, an enterprising spirit and a commitment to absolute integrity. East West Bank gives people the confidence to reach further.

Overview

We are currently seeking a Cybersecurity Risk Lead to join our bank’s second line of defense. This role involves providing expert guidance, credible challenge, and effective oversight of technology and information security activities throughout the company. The Cybersecurity Risk Lead will incorporate and monitor the bank's risk management framework on Technology Risk, identifying regulatory, legal, and compliance risk exposures related to products, solutions, environments, and frameworks.

Responsibilities

  • Manage and coordinate technology risk activities to ensure material/key risks are appropriately identified, managed, escalated, tracked, and remediated in a timely manner.
  • Engage effectively with the first line of defense to assess control effectiveness and monitoring activities, strengthening the control environment and reducing risk.
  • Perform comprehensive and independent risk analysis activities, along with ongoing credible challenge activities to support technology risk.
  • Analyze, aggregate, and articulate results/issues/recommendations related to control testing activities.
  • Lead independent identification, assessment, monitoring, and reporting of technology risk across the company’s technology environment.
  • Review and analyze internal and external reports for risk issues using the bank's risk framework.
  • Assist with monitoring and validating the closure of risks/control issues identified through testing results.
  • Conduct reviews of Risk and Control Self-Assessments (RCSAs) and assess the adequacy and effectiveness of controls within technology-related process/risk areas to conclude on the design and operating effectiveness of key controls.
  • Support quality assessments of RCSAs completed by first line managers and recommend changes as appropriate.
  • Influence control owners and other stakeholders to build consensus on risk mitigation and remediation strategies.
  • Prepare ad-hoc risk management reports as assigned.
  • Stay updated with industry best practices and new regulations.
  • Perform other duties and special projects as assigned.

Qualifications

  • 5+ years of direct, related experience in Risk Management, Information Technology Audit, or Cyber Security.
  • Strong written and verbal communication skills to confidently interact across all levels of the organization, including management, executives, regulators, and the board of directors.
  • Outstanding business and cybersecurity communication skills.
  • Highly organized and efficient, with the ability to balance and manage multiple projects concurrently.
  • Demonstrated strategic and tactical thinking, decision-making skills, and business acumen.
  • Advanced knowledge of applicable regulatory and legal compliance obligations, rules and regulations, industry standards, and practices.
  • Knowledge and experience with frameworks and specific regulatory guidance, including CRI, NIST, GLBA, ISO, COBIT, and FFIEC.

Compensation

The base pay range for this position is USD $70,000.00/Yr. - USD $150,000.00/Yr. Exact offers will be determined based on job-related knowledge, skills, experience, and location.

Tags: COBIT Compliance GLBA Monitoring NIST Risk analysis Risk management RMF

Perks/benefits: Equity / stock options Startup environment

Region: North America
Country: United States
