America Data Center - Cybersecurity VP

Introduction

Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

The incumbent will lead the Cybersecurity management team to define the 1st line Cybersecurity management process, methodology and procedure, and oversee America Data Center cybersecurity related activities. S/he will also be responsible for conducting information security assessments, vulnerability analysis, and implementing controls to address information security issues. In addition, s/he will monitor and report the Bank’s information security status, escalating major issues to management as necessary.

Include but are not to be limited to:

• Information Security/Cyber Security management:
  Conduct periodic information security/Cyber Security assessments (e.g., information security controls, FW rules) and follow up on remediation status;
  Identify, assess, monitor, report and follow up on key Information security/Cyber Security issues;
  Recommend and implement IT solutions related to Information security/Cyber Security;
  Assist in the development and implementation of new security initiatives, including policies, processes and awareness programs
• Information Security Operation:
  Manage and operate information security tools (e.g. Nessus, Websense DLP, etc.);
  Investigate and follow up the information security alerts generated from various security tools;
  Oversee Privilege , including the creation, access modification, and termination within America Data Center;
  Assist the Department Head to manage Contingency exercises and IT incident response processes
• Regulatory and Audit communication:
  Act as point of contact with Regulators and Internal/External Auditors;
  Assist in preparing and reviewing all requested documents from regulators/auditors

• Bachelor’s degree required in Computer Science or Risk Management
• Minimum 6 years of Information Security or Cybersecurity management experience within Financial Services required, auditor experience preferred
• Demonstrate sound understanding of IT risk and control assessment methodology, information security framework, as well as FFIEC Guidelines, SSAE
  18, SP800-53, FIPS-199, COBIT standards
• Demonstrate strong communication skills, as well as operation skills of Information Security tools
• Bilingual ability in Mandarin preferred
• CISSP, CISA certification(s) preferred

Actual salary is commensurate with candidate’s relevant years of experience, skillset, education and other qualifications.

USD $ - USD $ /Yr.