Chief Information Security Office - Security Services & Cyber Defense - Security Operation Center AVP at Bank of China
Bank of China · New York, United States Of America · Onsite
- Senior
- Office in New York
Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.
Overview:This incumbent will provide Security Operation Center services as required to fulfill the Bank's information security program requirements. This incumbent will provide real-time response and analysis to security threats across enterprise systems. In addition, this incumbent will provide support to Security Services & Cyber Defense, Governance, Compliance and Risk Management functions. This position will also manage the SOC associates and lead the team to meet expectations. This position’s schedule will rotate on a planned 8-hour shifts basis, covering 24 hours/day, 7 days/week, including overnight, weekend, and holiday.
Responsibilities:Security Operation Center
- Execute incident response protocols for responding to and escalating incidents timely.
- Conduct initial incident response including containment, documentation, and communication.
- Conduct post-incident reporting and analysis. - Maintain detailed and accurate records of security events and actions taken.
- Analyze security alerts and assess potential threats. - Stay updated on current threat landscape and emerging attack techniques.
Team Management
- Supervise a team of SOC Associates during assigned shifts, ensuring task coverage and operational readiness.
- Enforce adherence to SOC Policies, Standards and Procedures and escalate deviations or issues as needed.
- Participate in the review and improvement of incident response Policies, Standards and Procedures.
Security Services & Cyber Defense, Governance, Compliance and Risk Assessment
- Execute Security Policies and Standards.
- Manage assigned security monitoring tools.
- Conduct vulnerability scans, patch management, Identity & Access Management, Penetration Testing, Data Privacy, Phishing and Training, Audit affairs and Risk Assessment as needed.
- Bachelor’s degree in Business, Computer Science, Management Information Systems, Engineering, Mathematics, or related field is required
- Minimum 4 years of full time work experience
- Minimum 3 years of work experience in Information security, cybersecurity, vulnerability management, security architecture, network, security tools and computer systems administration
- Minimum 3 years of experience in risk management
- Good understanding of regulatory requirements including FFIEC, GLBA, NIST
- Knowledge of Information security and cyber security best practices
- Knowledge of systems administration such as Windows Server, Active Directory management, Firewall, UNIX system, network architectures, etc.
- Knowledge of security tools such as SIEM, DLP, XDR, EDR, Web Filter etc
- Good understanding of protocol behaviors, validity of identified vulnerabilities
- CISSP/CRISC/ or IT related certifications preferred
Actual salary is commensurate with candidate’s relevant years of experience, skillset, education and other qualifications.
