Back to search results

Assistant Vice President / Vice President, Information Security Controls Specialist (Regulatory Assurance Analyst), Global Information Security

Singapore, , Singapore

Job Description:

About Bank of America:

Our purpose as a firm is to make financial lives better, through the power of every connection. Across the world, we partner with leading corporate and institutional investors through our offices in more than 35 countries. In the U.S. alone, we serve almost all of the Fortune 500 companies and approximately 67 million consumer and small-business clients. We provide a full suite of financial products and services, from banking and investments to asset and risk management. We cover a broad range of asset classes, making us a global leader in corporate and investment banking, sales and trading.

Connecting Asia Pacific to the World

Our Asia Pacific team is spread across 19 cities in 12 markets. We are focused on connecting Asia to the world and the world to Asia, using our global expertise to ensure success is shared between us, our clients and our communities. Our regional footprint covers 12 currencies, more than a dozen languages and five time zones, placing us firmly among the region’s leading financial services companies.


The Global Information Security (GIS) Governance Risk & Controls team in Asia Pacific oversees management of cybersecurity risk in the region. This includes holistic alignment of data security, technology, and innovation policies, controls, and processes to laws, rules, and regulations and driving risk-informed decision-making. The team is also responsible for representing the bank’s cybersecurity interests with local and regional industry partners and reducing overall exposure to cybercrime.

Position Description

Background: As a specialist in the GIS APAC GRC team, the Regulatory Assurance Analyst will be responsible for championing regulatory assurance program including definition and roll out of program related to information security. This will be achieved through rigorous analysis of regulatory requirements and a structured approach to compliance reviews. The Regulatory Assurance Analyst will drive proactive self-assessment of regulatory compliance in APAC. This will involve assessing regional laws, rules, regulations and industry standards impacting information security and ensuring the Bank’s compliance to these. Other key responsibilities include reviewing and remediating issues related to information security policy, standards, baselines, and exceptions that impact regulatory compliance. The role will ensure that policy, control, exception, and regulatory governance processes and relevant supporting evidence are ready for audit and regulatory inspection.

Key Responsibilities

  • Develop and deliver the GIS Regulatory Assurance capability and program for the Bank
  • Refine and manage the program for sustainability.
  • Senior stakeholder engagements to roll out and address program requirements
  • Coordinate with global/regional SMEs to deliver cyber assurance program
  • Support cybersecurity LRR and policy/regulatory programs in the region
  • Drive awareness on regulatory thematic areas based on analysis of regulatory requirements and drivers
  • Support regulatory engagements and/or roll out of exam management initiatives

Key Requirements

  • Experience working with regulators, risk forums or equivalent organizations with good understanding of policies and regulatory requirements
  • Broad understanding of cybersecurity and data principles and management techniques
  • A self-starter, team player with a strong people-influencing skillset
  • Intellectual curiosity and a desire to learn new skills
  • Knowledge of APAC laws, rules, and regulations impacting information security
  • Excellent command of the English Language
  • The ability to communicate and understand how to translate technical gaps into business risk
  • BA/BS in Information Technology, Information Security, Computer Science, Cyber Security or related field, Advanced Degree desired.  Depending on work experience, experience may be considered in lieu of Degree
  • 6-9 years of cyber security/risk/regulatory experience
  • Certification desired but not required:  CISSP, CRISC, CISM

Learn more about this role

Part time


Manages People:


Talent Acquisition Contact:

Referral Bonus:

Check out the Singapore office

Our office is near favourite Seah Im Food Centre and a short hop to Sentosa—a popular island resort and home of the Merlion, Singapore’s guardian of prosperity.

Close-up side shot of the words Bank of America Merrill Lynch on outside office wall

Street Address

Primary Location:
2 HARBOURFRONT PLACE, #02-01, Singapore, 098499