Office Status: Hybrid
Salary: $100,000 to $140,000
Responsibilities:
Develop and maintain all local IT and cybersecurity procedures for the NY/LA branches based on US regulatory requirements and THE BANK Policies & Standards, including but not limited to the Information Security Policy, the Cyber Security Strategy, and the associated standards and guidance.
Development of Business Continuity, Incident Response Strategy and plans.
Identify strengths and weaknesses in the Information Security Program as they relate to privacy, security, business resiliency and compliance frameworks to detect, prevent and react to current and emerging information security threats.
Prepare for IT related risk assessments and gap analysis against internal controls and regulatory requirements.
Update IT management on any new regulatory requirements and/or any newly identified IT risk on a regular basis.
Work with Head Office Risk Control & Governance, Operational Risk Management, and Compliance staff on implementing enhancements to risk management initiatives.
Advise on and challenge control matters as needed from a 1.5 line of defense perspective.
Respond to incidents including suspected cybersecurity incidents according to incident response plan and playbooks.
Oversee KRI reporting, review the health of the indicators, and provide regular updates to the US IT Committee and the relevant oversight committee in Head Office.
Support and assist with NY/LA branch audits and facilitate management response and remediation efforts. Ensure overall IT compliance with regulatory requirements through proactive planning, communication and ownership.
Participate in IT governance related meetings and articulate IT risk control issues to ITG management and branch management.
Coordinate internal and external parties to conduct security assessments (such as Red/Blue/Purple team exercises and penetration tests) based on regulatory requirements.
Organize a security awareness education program and the necessary training for US branches, based on THE BANK head office requirements, to promote a security culture.
Ad-hoc tasks or projects assigned by IT management and head office related to Information Security.