Bank Of America South East Asia Information Security Officer Global 

Singapore 

695340880

Your background

• 8+ years of risk management experience with proven ability to effectively apply risk principles to challenging business situations.
• Good working knowledge of governance, risk management and compliance routines and control processes.
• Maintain a broad understanding of regional laws and regulatory requirements relating to information security and privacy, industry best practices, exposures, and their impact to the business.
• Experience in technology auditing and working with senior management is an advantage.
• Experience giving presentations and good interpersonal, communication and influencing skills.
• Financial Institution knowledge or strong LOB knowledge/experience for the type of business (e.g. Global Markets, Global Wholesale Banking etc.) is strongly desired.
• Has good initiative and able to work independently with minimum supervision.
• Acquired relevant professional certification preferred.

What you can expect

The SEA ISO reports directly to the Regional ISO and work closely with the country management including SEA Tech Executive, SEA COO, Compliance and Tech Risk team. In this role, you will be providing guidance on various complexity of security issues to the country stakeholders to ensure IS local regulations, GIS policies and standards are adhered to and IS risks are mitigated.

SEA ISO utilizes in-depth technical / project knowledge, plus the understanding of business requirements, and closely follows bank’s risk management framework, to influence and build a security aware culture and embed security into all layers of business processes to meet customer / client needs while protecting the Bank's assets.

What you will do

• Responsible for fulfillment of regulatory requirements (including assessments, submissions or inspections) related to information security.
• Attends to internal or external audits and issues related to information security.
• Drives country-specific control implementations or special programs, where deemed necessary based on risk assessments or local regulatory requirements.
• Provides GIS guidance and support to the country management, Tech & Operations and staff in risk assessments and implementation of appropriate information security procedures and controls with consideration to applicable GIS policy and/or regulatory requirements.
• Monitors existing and proposed security policies, standards, local rules and regulations; Identifies and escalates changes that will affect information security policy, standards and procedures.
• Works with GIS Policy teams and relevant control owners to ensure policy mapping and control gap assessment is performed for local regulations.
• Has country or entity-specific understanding of the critical business assets, risks and mitigation plans.
• Provides Cyber trainings to senior management and SEA associates as required.
• Collaborates with risk and control partners (e.g. Tech Risk, Compliance, Operational Risk, Internal Audit etc.) to improve security governance in the bank.
• Regularly report to country management IS risk posture.
• Conducts thematic reviews to identify relevant risks to SEA countries.
• Performs oversight function and governance on IS risks matters in SEA countries.
• Conduct cyber risk assessment in support of technology initiatives to help identify IT related risk and determine appropriate controls to mitigate risks.
• Monitor, track, and manage risk mitigations and exceptions and ensure adequate monitoring capability is incorporated into solutions.