Chief Information Security Office - Security Operation Center Associate en Bank of China
Bank of China · New York, Estados Unidos De América · Onsite
- Professional
- Oficina en New York
Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.
Overview:This incumbent will provide Security Operation Center services as required to fulfill the Bank's information security program requirements. This incumbent will provide real-time response and analysis to security threats across enterprise systems. In addition, this incumbent will provide support to Security Services & Cyber Defense, Governance, Compliance and Risk Management functions. This position’s schedule will rotate on a planned 8-hour shifts basis, covering 24 hours/day, 7 days/week, including overnight, weekend, and holiday.
Responsibilities:Security Operation Center
- Execute incident response protocols for responding to and escalating incidents timely.
- Conduct initial incident response including containment, documentation, and communication.
- Assist with post-incident reporting and analysis.
- Maintain detailed and accurate records of security events and actions taken.
Security Services & Cyber Defense, Governance, Compliance and Risk Management
- Execute Security Policies and Standards. - Manage assigned security monitoring tools.
- Analyze security alerts and assess potential threats.
- Conduct vulnerability scans, patch management, Identity & Access Management, Penetration Testing, Data Privacy, Phishing and Training, Audit affairs and Risk Assessment as needed.
- Bachelor’s degree in Business, Computer Science, Management Information Systems, Engineering, Mathematics, or related field is required
- Minimum 1 year of work experience in Information security, cybersecurity, vulnerability management, security architecture, network, security tools and computer systems administration
- Minimum 1 year of experience in risk management
- Good understanding of regulatory requirements including FFIEC, GLBA, NIST
- Knowledge of Information security and cyber security best practices
- Knowledge of systems administration such as Windows Server, Active Directory management, Firewall, UNIX system, network architectures, etc.
- Knowledge of security tools such as SIEM, DLP, XDR, EDR, Web Filter etc
- Good understanding of protocol behaviors, validity of identified vulnerabilities - CISSP/CRISC/ or IT related certifications preferred
Actual salary is commensurate with candidate’s relevant years of experience, skillset, education and other qualifications.
