Bocusa

Chief Information Security Office-Strategy, Programs & GRC Associate

Bocusa, New York, New York, us, 10261

Bank of China USA

Posted 4 days ago

Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

Overview

This incumbent will provide Strategy, Programs, Governance, Risk and Compliance functions as required to fulfill BOCNY information security program requirements. This incumbent will provide Strategy Coordination, CISO Projects Management, Training & Culture, Metrics & Reporting, Governance, Risk Assessments and Compliance, Data Privacy functions as detailed below.

Responsibilities

Includes but not limited to:

Strategy

- Coordinate Information Security strategy in alignment with the BOCNY branch strategy
- Maintain strategic initiatives tracking and associated KRIs to track progress and execution of the objectives
- Conduct quarterly strategy reviews with the CISO team to ensure alignment and momentum continue
- Adjust strategy as necessary
- Provide end-to-end project management function for all CISO led projects

Programs

Manage all CISO programs, including but not limited to:

- Information Security Program
- Training & Culture Program
  - Security Training
  - Phishing Campaigns
  - Tabletop Exercises
- Data Privacy Program

Governance

- Establish and maintain Information Security policies and procedures
- Ensure CISO roles and responsibilities are clearly delineated and documented to ensure efficiency, create synergies and ensure TISR is being properly managed across first and second lines
- Periodically refresh and update TISR controls guidance in relevant policies and supporting procedures with detailed implementation guidance
- Develop, monitor, and track CISO policy adherence measures and metrics
- Provide all administrative functions for the Information Security Committee and all its sub-committees

Risk

- Establish and enhance a TISR framework that consists of the appropriate components to effectively manage TISR
- Conduct risk assessments of TISR for Projects, Third-Party, New Activities and Applications
- Develop and execute a TISR annual work plan of risk identification, assessment, and control evaluation and testing activities
- Review and contribute to the development and maintenance of the taxonomy for Risk, Process and Controls for TISR domains
- Catalog and oversee remediation of TISR issues, including those arising from Audit and Regulatory exams, ITRM deep dives, root cause analyses and control testing
- Track observed control gaps and root causes and annually refresh CISO policy and procedures to reflect new and enhanced controls

Compliance

- Prepare and submit Audit Requests for evidence
- Anticipate audit requests and prepare a comprehensive approach for CISO policy and standards and associated implementation
- Prepare response evidence for IT/IS related regulatory exams
- Recommend changes to policy, process or procedures to align with OCC and other federal guidelines and regulations
- Evaluate and provide evidence of compliance for BOCNY Branch
- Liaise with LCD/RAO/IAD to ensure collaboration and partnership so that CISO can meet regulatory IT/IS requirements

Data Privacy

- Develop and implement strategies to ensure compliance with relevant privacy laws and regulations
- Stay up-to-date with changes in data privacy legislation and industry best practices
- Assist in the development and maintenance of privacy policies, standards and procedures
- Provide oversight and monitoring of privacy risk assessments by the FLUs
- Ensure all relevant processes reflect privacy requirements and comply with laws and regulations
- Plan and implement privacy training programs and communications
- Identify and assess privacy risks within the organization

Metrics & Reporting

Manage all metrics and reporting for CISO:

- Operational
- Executive & Board
- Budget & Headcount
- Dashboards

Qualifications

- Bachelor’s degree in Business, Risk, Data, Computer Science, Management Information Systems, Engineering, Mathematics, or related field
- Minimum 3 years of work experience in Financial services Risk Management, Audit, IT/IS Operations, Data Privacy or other relevant functions
- Minimum 2 years of experience in developing and executing IT/IS Risk programs, projects, and policies
- Minimum 1 year of experience working with US Banking Regulations, financial industry standards, and industry standard IT/IS Risk Frameworks
- Good understanding of regulatory requirements including FFIEC, GLBA, NIST
- Knowledge of Information security and cyber security best practices
- Knowledge of systems administration such as Windows Server, Active Directory management, Firewall, UNIX system, network architectures, etc.
- Knowledge of security tools such as SIEM, DLP, XDR, EDR, Web Filter, etc.
- CISSP/CRISC or IT-related certifications preferred

Pay Range

Actual salary is commensurate with candidate’s relevant years of experience, skillset, education and other qualifications.

USD $42,000.00 - USD $90,000.00 /Yr.

Seniority level: Executive

Employment type: Full-time

Job function: Information Technology

Industries: Banking
