SonicJobs Logo
Left arrow iconBack to search
  1. Home
  2. 10008, New York, NY
  3. Chief Information Security Office-Strategy, Programs & GRC AVP

Chief Information Security Office-Strategy, Programs & GRC AVP

Bank of China
Posted 6 months ago, valid for 8 days
Location

New York, NY 10008, US

Salary

USD 65000 - 150000 YEAR

info
Contract type

Full Time

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

info
  • Bank of China is seeking a candidate to fulfill various Strategy, Governance, Risk, and Compliance functions for its information security program.
  • The position requires a minimum of 5 years of work experience in Financial services Risk Management or related fields, along with 3 years in developing IT/IS Risk programs.
  • Candidates should possess a bachelor's degree in a relevant field and have strong project management and risk management skills.
  • The salary for this role ranges from USD $65,000.00 to USD $150,000.00 per year, depending on experience and qualifications.
  • Preferred certifications include CISSP/CRISC or other IT-related credentials.

Introduction

Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

Overview

This incumbent will provide Strategy, Programs, Governance, Risk and Compliance functions as required to fulfill BOCNY information security program requirements. This incumbent will provide Strategy Coordination, CISO Projects Management, Training & Culture, Metrics & Reporting, Governance, Risk Assessments and Compliance functions as detailed below.

Responsibilities

Governance

  • Establish and maintain Information Security policies and procedures
  • Ensure CISO roles and responsibilities are clearly delineated and documented to ensure efficiency, create synergies and ensure TISR is being properly managed across first and second lines
  • Periodically refresh and update TISR controls guidance in relevant policies and supporting procedures with detailed implementation guidance
  • Develop, monitor, and track CISO policy adherence measures and metrics

Stragtegy & Programs

  • Coordinate Information Security strategy in alignment with the Bank's strategy
  • Maintain strategic initiatives tracking and associated KRIs to track progress and execution of the objectives
  • Conduct quarterly strategy reviews with the CISO team to ensure alignment and momentum continue. Adjust strategy as necessary
  • Provide end-to-end project management function for all CISO led projects
  • Manage all CISO programs, including but not limited to: Information Security Program & Training & Culture Program

Risk & Compliance

  • Establish and enhance a TISR framework that consists of the appropriate components to effectively manage TISR
  • Conduct risk assessments of TISR for Projects, Third-Party, New Activities and Applications
  • Develop and execute an TISR annual work plan of risk identification, assessment, and control evaluation and testing activities
  • Review and contribute to the development and maintenance of the taxonomy for Risk, Process and Controls for TISR domains.
  • Catalog and oversee remediation of TISR issues include those arising from Audit and Regulatory exams, ITRM deep dives, root cause analyses and control testing
  • Prepare and submit Audit Requests for evidence
  • Anticipate audit requests and prepare comprehensive approach to for CISO policy and standards and associated implementation
  • Prepare response evidence for IT/IS related regulatory exams
  • Recommend changes to policy, process or procedures to align with OCC and other federal guidelines and regulations
  • Evaluate and provide evidence of compliance for BOCNY Branch
  • Liaison with LCD/RAO/IAD to ensure collaboration and partnership so that CISO can meet regulatory IT/IS requirements

Metrics & Reporting

  • Manage all metrics and reporting for CISO

Qualifications

  • Bachelor’s degree in Business, Computer Science, Management Information Systems, Engineering, Mathematics, or related field is required
  • Minimum 5 years of work experience in Financial services Risk Management, Audit, IT/IS Operations, or other relevant functions
  • Minimum 3 years of experience in developing and executing IT/IS Risk programs, projects, and policies
  • Minimum 1 year of experience working with US Banking Regulations, financial industry standards, and industry standard IT/IS Risk Frameworks

  • Strong program, frameworks, project management development, implementation, and maintenance skills

  • Sound and practical IT/IS risk management and program knowledge

  • Familiarity with IT/IS Risk Management regulations, standards, and frameworks including NIST, ISO27002, FFIEC Guidelines, etc.

  • CISSP/CRISC/ or IT related certifications preferred  

Pay Range

Actual salary is commensurate with candidate’s relevant years of experience, skillset, education and other qualifications.

USD $65,000.00 - USD $150,000.00 /Yr.


Learn more about this Employer on their Career Site

Apply now in a few quick clicks

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Logo
SonicJobs
Your next career move. Sorted.
Search jobsbackground image

Contact us

© 2017 - 2026 SonicJobs Inc. All rights reserved

Terms & Conditions | Privacy Policy | Browse Jobs