Information Security Officer - Richmond Hill, Canada - Industrial and Commercial Bank of China (Canada)

Industrial and Commercial Bank of China (Canada)
Industrial and Commercial Bank of China (Canada)
Verified Company
Richmond Hill, Canada

2 weeks ago

Sophia Lee

Posted by:

Sophia Lee

beBee Recruiter
Description

Job Title:
Information Security Officer (ISO)


Reporting to:
Chief Risk Officer and Head of Information Technology Department


Employment Type:12-Month Contract/Full Time Permanent


Location:
Richmond Hill, Ontario


Job Description and Responsibilities:

Acts as ISO role to assist Chief Risk Officer in acting second line of defense of Cyber Security Risk Management:

  • To be responsible for maintaining and improving Information Security risk management framework in terms of bank's risk management framework.
  • To be responsible for manage and mitigate risks related to cyber security, data, information, privacy, outsourcing, and information technology compliance.
  • Independently identifies, assesses, and aggregates cyber, technology and resilience risks related to internal and external events through direction, training and influencing the behavior of bank employees.
  • Oversight the adoption and implementation of information security policies, technology, mitigation programs and related procedures to comply with regulatory guidance and Parent Bank guidance.
Acts as ISO role to assist Head of IT in leading the information security governance team:

  • Identify, define and substantiate the key threats to information assets, internally and externally
  • Optimize of information security policies and procedures, threat prevention, threat detection and an incident response strategy, including an incident response process, escalating security incidents, coordinating and leading investigations, and managing the recovery from attacks
  • Develop control program that proactively identifies threats to the bank and guides the acquisition of advanced security controls
  • Coordinate internally and externally, responses to security incidents, providing timely reports during the incident and remediation, as well as proposing solutions to anticipate, prevent, or mitigate future incidents.
  • Identify the information security risks of engaging vendors and other third parties who access the Branch systems. Review and assess mitigating control as well.
  • Manage Cyber Security improvement projects, mitigation programs and related procedures to comply with regulatory guidance and Parent Bank guidance.
  • Manage a targeted information security awareness training program for all employees and contractors and establish metrics to measure the effectiveness of this security training program

Required Skills and Personal Attributes:


  • Strong knowledge of information security best practices, standards, and frameworks, such as ISO/IEC 27000, NIST 80053, and PCI DSS
  • Knowledge of technical infrastructure, networks, databases, and systems in relation to Information Technology Security and Risk Management
  • Proven track record and experience in developing information security strategy, policies and procedures
  • Independent worker, accountable and skilled in exercising sound judgment, planning, organizational skills, team leadership, and decisiveness under pressure
  • Strong interpersonal partnering and organizational communication skills
  • Great command of spoken and written English
  • Able to communicate with partner IT teams in both English and Chinese with work proficiency

Qualifications:


  • BS in Computer Science, Information Technology, Network Engineer or Cyber Security. Advanced degree is preferred
  • At least 5 years of related experience in financial services: including knowledge of regulatory rules such as information security, cyber security and IT
  • Prior experience in risk, information security management, operations, audit or management consulting, preferably in a financial institution environment
  • Prior experience at a foreign financial institution is preferred
  • Professional security management certification such as CISA, CISM, CRISC,
- and/or other CISSP required


Job Types:
Full-time, Permanent, Fixed term contract

Contract length: 12 months


Benefits:


  • Company pension
  • Dental care
  • Disability insurance
  • Employee assistance program
  • Extended health care
  • Life insurance
  • Paid time off
  • Tuition reimbursement
  • Vision care

Schedule:

  • Day shift
  • Monday to Friday

Supplemental pay types:

  • Bonus pay
  • Overtime pay

Application question(s):

  • Can you work in bilingually in English and Chinese?

Education:


  • Bachelor's Degree (preferred)

Experience:

- information or cyber security work: 5 years (preferred)


Licence/Certification:

  • CISA, CISM, CRISC, CISSP (preferred)

Work Location:
In person
More jobs from Industrial and Commercial Bank of China (Canada)
See all jobs of Industrial and Commercial Bank of China (Canada)