Bank of China USA · 2 weeks ago
Chief Information Security Office-Strategy, Programs & GRC Associate
Bank of China USA is one of the largest banks in the world, providing a stable and reliable financial partner for various banking services. The incumbent will be responsible for managing Strategy, Programs, Governance, Risk, and Compliance functions to fulfill the bank's information security program requirements.
Banking
Responsibilities
Coordinate Information Security strategy in alignment with the BOCNY branch strategy
Maintain strategic initiatives tracking and associated KRIs to track progress and execution of the objectives
Conduct quarterly strategy reviews with the CISO team to ensure alignment and momentum continue
Adjust strategy as necessary
Provide end-to-end project management function for all CISO led projects
Manage all CISO programs, including but not limited to:
Information Security Program
Training & Culture Program
Security Training
Phishing Campaigns
Tabletop Exercises
Data Privacy Program
Establish and maintain Information Security policies and procedures
Ensure CISO roles and responsibilities are clearly delineated and documented to improve efficiency, create synergies and ensure TISR is properly managed across the first and second lines
Periodically refresh and update TISR controls guidance in relevant policies and supporting procedures with detailed implementation guidance
Develop, monitor, and track CISO policy adherence measures and metrics
Provide all administrative functions for the Information Security Committee and all its sub-committees
Establish and enhance a TISR framework that consists of the appropriate components to effectively manage TISR
Conduct risk assessments of TISR for Projects, Third-Party, New Activities and Applications
Develop and execute a TISR annual work plan of risk identification, assessment, and control evaluation and testing activities
Review and contribute to the development and maintenance of the taxonomy for Risk, Process and Controls for TISR domains
Catalog and oversee remediation of TISR issues, including those arising from Audit and Regulatory exams, ITRM deep dives, root cause analyses and control testing
Track observed control gaps and root causes and annually refresh CISO policy and procedures to reflect new and enhanced controls
Prepare and submit Audit Requests for evidence
Anticipate audit requests and prepare a comprehensive approach for CISO policy and standards and their implementation
Prepare response evidence for IT/IS related regulatory exams
Recommend changes to policy, process or procedures to align with OCC and other federal guidelines and regulations
Evaluate and provide evidence of compliance for BOCNY Branch
Liaise with LCD/RAO/IAD to ensure collaboration and partnership so that the CISO can meet regulatory IT/IS requirements
Develop and implement strategies to ensure compliance with relevant privacy laws and regulations
Stay up-to-date with changes in data privacy legislation and industry best practices
Assist in the development and maintenance of privacy policies, standards and procedures
Provide oversight and monitoring of privacy risk assessments by the FLUs
Ensure all relevant processes reflect privacy requirements and comply with laws and regulations
Plan and implement privacy training programs and communications
Identify and assess privacy risks within the organization
Manage all metrics and reporting for CISO
Operational
Executive & Board
Budget & Headcount
Dashboards
Qualifications
Required
Bachelor's degree in Business, Risk, Data, Computer Science, Management Information Systems, Engineering, Mathematics, or related field
Minimum 3 years of work experience in financial services Risk Management, Audit, IT/IS Operations, Data Privacy or other relevant functions
Minimum 2 years of experience in developing and executing IT/IS Risk programs, projects, and policies
Minimum 1 year of experience working with US Banking Regulations, financial industry standards, and industry standard IT/IS Risk Frameworks
Good understanding of regulatory requirements including FFIEC, GLBA, NIST
Knowledge of Information security and cyber security best practices
Knowledge of systems administration such as Windows Server, Active Directory management, firewalls, UNIX systems, network architectures, etc.
Knowledge of security tools such as SIEM, DLP, XDR, EDR, web filters, etc.
Preferred
CISSP, CRISC, or other IT-related certifications preferred
Company
Bank of China USA
Bank of China (BOC) is one of the largest banks in the world, with more than $3 trillion in assets and a footprint that spans over 60 countries and regions.
H1B Sponsorship
Bank of China USA has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart)
Trends of Total Sponsorships: 2025 (57), 2024 (46), 2023 (52), 2022 (67), 2021 (36), 2020 (69)
Funding
Current Stage: Late Stage (company data provided by Crunchbase)