Bank of China Limited, New York Branch

The incumbent is responsible for all aspects of and will provide oversight, guidance and challenge to the Bank’s Third Party Risk Management (TPRM).. Third Party Risk Management. To thoroughly perform cyber/information security assessments of third party service providers’ enterprise using State Street’s risk management framework and cybersecurity assessment methods for vendors of varying sizes and complexities.. Document assessment results consistent with Bank of China’s TPRM, Issue Management and Enterprise Risk Management standards. 5-7 years of applicable experience in all aspects of Third-Party Risk Management (TPRM) program management and understanding of applicable laws, regulations, financial services, and regulatory trends that impact the bank

operational risk management

Introduction:
Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

Overview:
The incumbent is responsible for all aspects of and will provide oversight, guidance and challenge to the Bank’s Third Party Risk Management (TPRM). S/he will establish and enhance the Third Party Risk Framework, draft and maintain TPRM policies and standards, develop and execute TPRM annual work plans, and conduct periodic risk assessments. S/he will also assess, monitor and track TPRM lifecycle activities, ensure documentation completeness, and prepare aggregated TPRM reports on risk data and analysis.

Responsibilities:
Include but are not limited to Third Party Risk Management <ul><li>To thoroughly perform cyber/information security assessments of third party service providers’ enterprise using State Street’s risk management framework and cybersecurity assessment methods for vendors of varying sizes and complexities.</li><li>Review/analyze third party attestation and certification artifacts (SOC2, SIG, NIST, ISO 27001/2 Certifications, etc.) shared by third parties to identify the information security risks</li><li>Document assessment results consistent with Bank of China’s TPRM, Issue Management and Enterprise Risk Management standards</li><li>Provide subject matter expertise in the Third Party information security program and provide timely recommendations to identified problems</li></ul>

Qualifications:
<ul><li>Bachelor’s degree is required, and an advanced degree is preferred</li><li>5-7 years of applicable experience in all aspects of Third-Party Risk Management (TPRM) program management and understanding of applicable laws, regulations, financial services, and regulatory trends that impact the bank</li><li>Minimum 5 years of experience working in Cyber/Information Security Governance Risk and Compliance role</li><li>Minimum 3 years of experience performing Third Party Cyber/Information Security Assessment or Cyber Security Assessments</li><li>Knowledge of security and risk management frameworks as well as and regulations such as ISO 27001/27002, NIST, FRB/OCC Third Party Risk Management Guidelines, FFIEC Security Handbook, GDPR, DORA, etc.</li><li>Expertise in writing technical and risk management reports</li></ul>

Pay Range Actual salary is commensurate with candidate’s relevant years of experience, skillset, education and other qualifications. :
USD $65,000.00 - USD $150,000.00 /Yr.

START NEW SEARCH