Bank of China USA

Chief Information Security Office-Strategy, Programs & GRC AVP

Bank of China USA, New York, New York, us, 10261


Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

Overview

The incumbent will provide Strategy, Programs, Governance, Risk and Compliance functions as required to fulfill BOCNY information security program requirements. The role includes Strategy Coordination, CISO Projects Management, Training & Culture, Metrics & Reporting, Governance, Risk Assessments and Compliance functions as detailed below.

Responsibilities

Governance

Establish and maintain Information Security policies and procedures

Ensure CISO roles and responsibilities are clearly delineated and documented to ensure efficiency, create synergies and ensure Technology and Information Security Risk (TISR) is properly managed across the first and second lines

Periodically refresh and update TISR controls guidance in relevant policies and supporting procedures with detailed implementation guidance

Develop, monitor, and track CISO policy adherence measures and metrics

Strategy & Programs

Coordinate Information Security strategy in alignment with the Bank's strategy

Maintain strategic initiatives tracking and associated KRIs to track progress and execution of the objectives

Conduct quarterly strategy reviews with the CISO team to ensure alignment and momentum continue, and adjust the strategy as necessary

Provide an end-to-end project management function for all CISO-led projects

Manage all CISO programs, including the Information Security Program and the Training & Culture Program

Risk & Compliance

Establish and enhance a TISR framework that consists of the appropriate components to effectively manage TISR

Conduct risk assessments of TISR for Projects, Third-Party, New Activities and Applications

Develop and execute a TISR annual work plan of risk identification, assessment, and control evaluation and testing activities

Review and contribute to the development and maintenance of the taxonomy for Risk, Process and Controls for TISR domains

Catalog and oversee remediation of TISR issues including those arising from Audit and Regulatory exams, ITRM deep dives, root cause analyses and control testing

Prepare and submit Audit Requests for evidence

Anticipate audit requests and prepare a comprehensive approach for CISO policies and standards and their associated implementation

Prepare response evidence for IT/IS related regulatory exams

Recommend changes to policy, process or procedures to align with OCC and other federal guidelines and regulations

Evaluate and provide evidence of compliance for BOCNY Branch

Liaise with LCD/RAO/IAD to ensure collaboration and partnership so that the CISO can meet regulatory IT/IS requirements

Metrics & Reporting

Manage all metrics and reporting for CISO

Qualifications

Bachelor's degree in Business, Computer Science, Management Information Systems, Engineering, Mathematics, or a related field is required

Minimum 5 years of work experience in financial services Risk Management, Audit, IT/IS Operations, or other relevant functions

Minimum 3 years of experience in developing and executing IT/IS Risk programs, projects, and policies

Minimum 1 year of experience working with US Banking Regulations, financial industry standards, and industry standard IT/IS Risk Frameworks

Strong skills in developing, implementing, and maintaining programs, frameworks, and projects

Sound and practical IT/IS risk management and program knowledge

Familiarity with IT/IS Risk Management regulations, standards, and frameworks, including NIST, ISO 27002, FFIEC Guidelines, etc.

CISSP, CRISC or other IT-related certifications preferred

Pay Range: USD $65,000.00 to USD $150,000.00 per year

Seniority level: Executive

Employment type: Full-time

Job function: Information Technology

Industries: Banking