About Bank of America:
Our purpose as a firm is to make financial lives better, through the power of every connection. Across the world, we partner with leading corporate and institutional investors through our offices in more than 35 countries. In the U.S. alone, we serve almost all of the Fortune 500 companies and approximately 67 million consumer and small-business clients. We provide a full suite of financial products and services, from banking and investments to asset and risk management. We cover a broad range of asset classes, making us a global leader in corporate and investment banking, sales and trading.
Connecting Asia Pacific to the World
Our Asia Pacific team is spread across 19 cities in 12 markets. We are focused on connecting Asia to the world and the world to Asia, using our global expertise to ensure success is shared between us, our clients and our communities. Our regional footprint covers 12 currencies, more than a dozen languages and five time zones, placing us firmly among the region’s leading financial services companies.
Background: The Information Security Organization is responsible for executing the Bank’s information security strategy, policy and program. Provides advice to Global Technology & Operations (GT&O), Line-of-Business (LOB) and Country management with regard to various degrees of complexity of security issues. Utilizes in-depth technical / project knowledge, plus the understanding of business requirements, to design / direct secure solutions to meet customer / client needs while protecting the Bank's assets. Serves as GIS organization spokesperson with other technology or business groups. Assists in the review, development, testing and implementation of security plans, products/technologies, controls and processes.
- Provides GIS guidance and technical support to the GT&O and LOB management and staff in risk assessments and implementation of appropriate information security procedures and controls as per GIS policy and/or regulatory requirements
- Has country or entity-specific understanding of the critical business assets, risks and mitigation plans
- Manages regulatory requirements (including assessments, submissions or inspections) related to information security together with Compliance team
- Monitors existing and proposed security standards, local legislation and regulations
- Identifies and escalates changes that will affect information security policy, standards and procedures
- Executes security controls to prevent theft or disclosure of company information, and preventing e-commerce programs from being jeopardized
- Administers security policies to control access to systems and secured network perimeter. Works on complex problems where analysis of situations or data requires an in-depth evaluation of various factors
- Provides Cyber trainings to Board members or Crisis Management Team members as required
- Supports Third Party IS team on country-level onsite or online assessment and remediation
- Collaborates with risk and control partners (e.g. BCMR, EERR, Op Risk, Compliance, Internal Audit etc.) to improve security governance in the bank
- Work leadership may be provided by assigning work and resolving problems
- Strong technical background in application, data networks and server infrastructure. Competent in applying technical knowledge to perform security risk assessments, and articulate controls requirements to mitigate identified gaps.
- Proven risk management experience identifying, analyzing and communicating business and security-related risks to the organization and corporate program.
- An experienced Information Security professional with at least 10-12 years in information technology security related activities, such as risk management, security design, implementation and testing.
- Good working knowledge of governance, risk management and compliance routines and control processes.
- Maintain a broad understanding of regional laws and regulatory requirements relating to information security and privacy, industry best practices, exposures, and their impact to the business.
- Experience in technology auditing and working with senior management is an advantage.
- Experience giving presentations and good interpersonal, communication and influencing skills.
- Financial Institution knowledge or strong LOB knowledge/experience for the type of business (e.g. Global Markets, Global Wholesale Banking etc.) is strongly desired.
- Has good initiative and able to work independently with minimum supervision.
Learn more about this role