This position will assist the CISO in managing and maintaining the 3rd Party Risk Management Program and will act as a backup to perform Information Security duties.
For operational risk management, the person will perform monitoring, periodic reviews, assessments and reporting, and will enhance this risk management in collaboration with the Vice President. This position will be the person in charge of the second line for the operational risk management framework in The Bank's New York Branch.
I. 3rd Party Risk Management:
- Assist in the development and maintenance of the 3rd Party Risk Management Procedure
- Manage and maintain the 3rd Party processes including but not limited to regulatory expectations, risk assessments, gap analysis and process improvements.
- Conduct periodic evaluations and assessments of 3rd Party vendors, including the on-boarding and off-boarding process.
- Maintain and conduct periodic 3rd Party awareness training for key stakeholders.
- Prepare key metrics for Management and Committee reporting
- Assist in preparing audit materials as requested by the Internal Audit Division.
II. Operational Risk and Regulatory Reporting:
- Enhance the Branch’s operational risk management continuously.
- Review and challenge the RCSA of each group of the Branch upon changes, including the annual review, which involves analysis and aggregation of the RCSA results.
- Maintain the tracking record of Operational Risk Reporting in the Branch so that the Branch can monitor and analyze operational risk incidents and confirm the preventive measures.
- Engage in identifying, measuring, reviewing, aggregating, monitoring, or controlling operational risks within the risk appetite for US operations, independently from the business operations.
- Report the Branch’s operational risk management to Branch senior management, IT & Operational Risk Committee, Branch Oversight Committee and US Risk Committee (the “USRC”) for review.
- Help the USCRO oversee the activities of CRM, who serve as the risk management function for the Branch, determine key risk indicators to be monitored on a regular basis, and ensure that the Branch’s business activities are performed within the US risk appetite.
- Produce a monthly report for senior management that summarizes the status of operational risk incidents, with commentary that includes the result of quarterly RCSA checking.
III. Information Security:
- Act as a secondary/back-up to perform Information Security tasks, reviews and user administration.
Position Requirements (Experience, Education, Registrations, Communication Abilities, etc.)
- Bachelor’s degree in Information Security, Computer Science or related field.
- Knowledge of 3rd Party Risk Management.
- Knowledge/experience of Operational Risk Management.
- Knowledge of Windows, Windows servers including Active Directory, and AS400 platforms.
- Knowledge of security tools such as Anti-Virus, Vulnerability Scanner and SIEM software.
- In-depth understanding of Information Security Administration.
- Professional security certification is not required but is a plus.
- Knowledge of information security related topics such as FFIEC, NYDFS Part 500, ISO 270XX, etc.