IT Risk Management - AVP

Bank of China USA
in New York, NY, United States
Permanent, Full time
Last application, 15 Jul 19
The incumbent will be responsible for IT risk identification, assessment, reporting, training, and issue management. Other responsibilities include policy and procedures development, and audit and regulatory engagement.

Job Responsibilities

Include, but are not limited to:


  • IT Risk Policy and Procedures
    • Contribute to the development and maintenance of IT Risk policies and procedures
    • Provide input to technical standards for IT Governance and Program Management, IT Asset and Configuration Management, and IT Operations
    • Monitor and track IT Risk policy adherence, and identify any exceptions or noncompliance


  • IT Risk Identification, Assessment, Issue Management, and Reporting
    • Perform risk identification and assessment activities
    • Review and challenge IT assessment results in quarterly Risk and Control Self-Assessment (RCSA), IT controls reviews and tests
    • Catalog and oversee remediation of IT issues from Audit and Regulatory exams, IT risk management deep dives, Root Cause Analysis, Control Testing, and RCSA results
    • Monitor and report on IT Risk metrics, Key Risk Indicators, warnings, and breaches
    • Assist in the development of reporting materials for Risk Governance Forums


  • Other assignments
    • Provide input to other Operational Risk management processes from an IT risk management perspective
    • Prepare evidence for IT related Audit and Regulatory Exams
    • Assist with IT Risk training on IT risk management policy and procedure, awareness, and actions



Job Requirements

  • A Bachelor’s Degree is required. A master’s degree is preferred.
  • Majors in Business, Computer Science, Management Information Systems, Engineering, or Mathematics are preferred.
  • Minimum 5 years of experience in Financial services, Risk Management, Audit, IT, Operations, or other relevant functions is required, with a minimum of 3 years of experience in developing and executing IT Risk programs, projects, and policies.
  • Familiarity with IT Risk management regulations, standards, and frameworks, including COBIT, ITIL, and the FFIEC Handbook, is preferred.
  • CISA, CISSP, CISM, or other related IT Risk certificate is preferred.