Bank of China
Cybersecurity Management Lead
The incumbent will lead the Cybersecurity management team to define the 1st line Cybersecurity management process, methodology and procedure, and oversee America Data Center cybersecurity-related activities. S/he will also be responsible for conducting information security assessments, vulnerability analysis, and implementing controls to address information security issues. In addition, s/he will monitor and report the Bank's information security status, escalating major issues to management as necessary.

Responsibilities include but are not limited to:

Information Security/Cyber Security Management
- Conduct periodic information security/Cyber Security assessments (e.g., information security controls, FW rules) and follow up on remediation status
- Identify, assess, monitor, report and follow up on key Information security/Cyber Security issues
- Recommend and implement IT solutions related to Information security/Cyber Security
- Assist in the development and implementation of new security initiatives, including policies, processes and awareness programs

Information Security Operation
- Manage and operate information security tools (e.g., Nessus, Websense DLP, etc.)
- Investigate and follow up on the information security alerts generated from various security tools
- Oversee Privilege ID process, including the creation, access modification, and termination within America Data Center
- Assist the Department Head to manage Contingency exercises and IT incident response processes

Regulatory and Audit Communication
- Act as point of contact with Regulators and Internal/External Auditors
- Assist in preparing and reviewing all requested documents from regulators/auditors

Qualifications
- Bachelor's degree required in Computer Science or Risk Management
- Minimum 6 years of Information Security or Cybersecurity management experience within Financial Services required, auditor experience preferred
- Demonstrate sound understanding of IT risk and control assessment methodology, information security framework, as well as FFIEC Guidelines, SSAE 18, SP800-53, FIPS-199, COBIT standards
- Demonstrate strong communication skills, as well as operation skills of Information Security tools
- Bilingual ability in Mandarin preferred
- CISSP, CISA certification(s) preferred

Pay Range
Actual salary is commensurate with candidate's relevant years of experience, skillset, education and other qualifications. USD $110,000.00 - USD $230,000.00 /Yr.