Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

This incumbent will provide Security Operation Center services as required to fulfill the Bank's information security program requirements. This incumbent will provide real-time response and analysis to security threats across enterprise systems. In addition, this incumbent will provide support to Security Services & Cyber Defense, Governance, Compliance and Risk Management functions. This position’s schedule will rotate on a planned 8-hour shifts basis, covering 24 hours/day, 7 days/week, including overnight, weekend, and holiday.

Security Operation Center 

• Execute incident response protocols for responding to and escalating incidents timely.
• Conduct initial incident response including containment, documentation, and communication.
• Assist with post-incident reporting and analysis.
• Maintain detailed and accurate records of security events and actions taken.

Security Services & Cyber Defense, Governance, Compliance and Risk Management

• Execute Security Policies and Standards. -  Manage assigned security monitoring tools.
• Analyze security alerts and assess potential threats.
• Conduct vulnerability scans, patch management, Identity & Access Management, Penetration Testing, Data Privacy, Phishing and Training, Audit affairs and Risk Assessment as needed. 

• Bachelor’s degree in Business, Computer Science, Management Information Systems, Engineering, Mathematics, or related field is required
• Minimum 1 year of work experience in Information security, cybersecurity, vulnerability management, security architecture, network, security tools and computer systems administration
• Minimum 1 year of experience in risk management
• Good understanding of regulatory requirements including FFIEC, GLBA, NIST
• Knowledge of Information security and cyber security best practices
• Knowledge of systems administration such as Windows Server, Active Directory management, Firewall, UNIX system, network architectures, etc.
• Knowledge of security tools such as SIEM, DLP, XDR, EDR, Web Filter etc
• Good understanding of protocol behaviors, validity of identified vulnerabilities - CISSP/CRISC/ or IT related certifications preferred