Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

At the Associate level, the Associate will be responsible for assisting to perform the Cybersecurity Management for RSD. As for AVP, the AVP will be responsible for vulnerability, patch, firewall management and issues remediation, cyber threat intelligence monitoring, security alert investigation, security issue tracking, monitoring and reporting, organizing pen test.

For Associate level:

Cybersecurity Operation

• Perform ADC access management operation by following ADC access management procedures.
• Maintain ADC data scrambling procedure and perform validation of scrambled files/databases based on helpdesk tickets.
• Assist to conduct information security test of key IT projects.
• Identify, assess, monitor, report key information security/Cyber Security issues.
• Assist team leader to conduct periodic information security assessments and follow up the remediation status.
• Assist team leader to monitor, collect, track and report Cyber Threat Intelligence information from both externally and internally.
• Help to organize the monthly PVG meeting to present the patching and vulnerability management status.
• Help to investigate and follow up the information security alerts generated from various tools.

Audit Coordination

• Be one of the contact persons in ADC to interface with auditors;
• Coordinate efforts in addressing audit requests and inquiries;
• Coordinate action plan(s) with Bank of China Branches and ADC departments.

For AVP level:

Information Security/Cyber Security management

• Monitor, collect, track and report Cyber Threat Intelligence information from both externally and internally.
• Conduct periodic information security assessment and follow up the remediation status.
• Identify, assess, monitor, report key information security/Cyber Security issues.
• Organize the monthly PVG meeting to present the patching and vulnerability management stat.

Information Security Operation

• Manage and operate the information security tools (e.g. Nessus, Websense DLP, MobileIron, etc.).
• Be responsible for Vulnerability scan, analysis, tracking and reporting.
• Manage the penetration test processes in compliance with information security policies and standards.
• Investigate and follow up the information security alerts generated from various tools.
• Manage Privilege ID process - including the creation, access modification, and termination within ADC.
• Perform access recertification for all privileged IDs.
• Assist the Department Head to manage IT incident response processes.
• Conduct information security test of key IT projects.

Regulatory and Audit communication

• ADC’s Contact point with Internal/External Auditors.
• Assist in preparing and reviewing all requested documents by regulators/auditors.

• Bachelor Degree in Computer Science or Risk Management required
• Minimum 1 year of Cybersecurity Operation experience for Associate and minimum 4 years of Information Security Management experience for AVP
• CISSP and CISM preferred
• Bilingual ability in English and Mandarin preferred but not required
• Auditor experiences and Good communication skills preferred.
• Demonstrate knowledge in FFIEC Guidelines, SP800-53, FIPS-199, COBIT standards.