Chief Information Security Office-Security Services & Cyber Defense Associate

Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

This incumbent will provide Security Services and Cyber Defense functions as required to fulfill the Bank's information security program requirements. This incumbent will provide support to Security Architecture, Security Engineering, Security Operations, Identity & Access Management, Threat Management, Vulnerability Management and Penetration Testing functions.

Security Architecture, Security Engineering & Security Operations

• Provide Security Standards and requirements for all in-house and Third-Party applications being built or procured by the Bank
• Provide support and expertise to IT to find security solutions that meet requirement
• Manage assigned security monitoring tools for daily security monitoring which includes but not limited to: network devices, platforms, databases, applications
• Design, configure and enhance assigned security tools for effective security event monitoring and escalate accordingly
• Conduct assigned security tools rule and configuration validation and monitored devices recertification
• Identify and escalate security issues and assist in cybersecurity incident investigations
• Perform regular maintenance of assigned security tools including software upgrades, license updates and fine tuning of rules and configuration

Threat Management, Vulnerability Management & Penetration Testing

• Conduct threat assessment and modeling as required
• Conduct vulnerability scans of internal and external network
• Present results to IT and partner to perform analysis, set criticality levels and assign timelines for remediation
• Provide oversight of IT remediation, track and report all findings to the Information Security Committee
• Coordinate penetration testing exercises in collaboration with IT
• Present results to IT and partner to perform analysis, set criticality levels and assign timelines for remediation
• Provide oversight of IT remediation, track and report all findings to the Information Security Committee

Identity & Access Management

Conduct User Recertification & Access Reviews throughout all BOC applications on a periodic basis

• Bachelor’s degree in Business, Computer Science, Management Information Systems, Engineering, Mathematics, or related field is required
• Minimum 3 years of work experience in Information security, cybersecurity, vulnerability management, security architecture, network, security tools and computer systems administration
• Minimum 2 years of experience in risk management

• Good understanding of regulatory requirements including FFIEC, GLBA, NIST

• Knowledge of Information security and cyber security best practices

• Knowledge of systems administration such as Windows Server, Active Directory management, Firewall, UNIX system, network architectures, etc.

• Knowledge of security tools such as SIEM, DLP, XDR, EDR, Web Filter etc.

• CISSP/CRISC/ or IT related certifications preferred

Actual salary is commensurate with candidate’s relevant years of experience, skillset, education and other qualifications.