Contractor, Information Security Officer, Global Information Security (12 months) recruitment

Overview

Bank of America is one of the world's largest financial institutions, serving individual consumers, small and middle market businesses and large corporations with a full range of banking, investing, asset management and other financial and risk-management products and services. The company provides unmatched convenience in the United States, serving more than 59 million consumer and small business relationships with more than 6,100 retail banking offices, nearly 18,700 ATMs and award-winning online banking with nearly 29 million active users. Following the acquisition of Merrill Lynch on January 1, 2009, Bank of America is among the world's leading wealth management companies and is a global leader in corporate and investment banking and trading across a broad range of asset classes serving corporations, governments, institutions and individuals around the world. Bank of America offers industry-leading support to more than 4 million small business owners through a suite of innovative, easy-to-use online products and services. The company serves clients in more than 150 countries. Bank of America Corporation stock is a component of the Dow Jones Industrial Average and is listed on the New York Stock Exchange.

Job Description

Global Information Security (GIS) is transforming information into a competitive asset by improving the bank's ability to understand customers and clients while better managing risk. GIS also protects the information and maintains the bank's ability to serve even under difficult conditions. In meeting those responsibilities, GIS has enterprise accountability for information architecture, policy standards, access, delivery, analytics, security and resiliency.

The GIS Regional Information Security team is growing to support the bank's global information security and enterprise resiliency governance program. The role is highly visible, working in a team that is accountable for facilitating the delivery of the entire breadth of the global GIS program in region, interfacing with leadership forums/councils as well as local and regional regulators and law enforcement, providing advice and support for local lines of business, and ensuring sound corporate governance and risk management practices that meet the needs of all stakeholders. The team is also responsible for monitoring and reporting on compliance with standards, applicable regulations and legislation, and highlighting regional trends and issues to the enterprise GIS program. The position would report to the Head of Asia RISO.

Responsibilities

· Act as an ambassador for the corporate GIS organisation, enhancing internal and external relationships. Serve as a spokesperson with business leaders within the region, with Technology and with key Lines of Business.

· Assist in implementing effective information security and enterprise resiliency programs across regional business units

· Act as a point of contact for regional information security and enterprise resiliency issues, liaising with corporate programs as required

· Up to 30% regional travel required

· Support creation of standard metrics and reporting that will be used to measure the success of GIS efforts throughout the region. Present reports and scorecards to line of business management, leadership forums and councils, as appropriate.

· Coordinate with legal and privacy teams to ensure that information security and enterprise resiliency initiatives are consistent with legal and regulatory requirements

· Maintain a broad understanding of regional laws and regulatory requirements relating to information security and privacy, enterprise resiliency, industry best practices, exposures, and their impact to the business

· Promote awareness and understanding of information security and enterprise resiliency controls and programs to all levels across Business Units (e.g., executives, managers, technical, business and support staff, consultants and vendors)

· Participate in line of business self-assessment processes and lead the various business units in the development of corrective action plans as a result of self-assessments, risk assessments and security testing

· Provide guidance to the business for resolving audit findings and ensuring closure

Requirements

· Proven relationship management experience developing, influencing and growing trust-based relationships with line of business leaders, senior management, legal counsel, internal audit, and local regulators

· Proven risk management experience identifying, analyzing and communicating business and security-related risks to the organization and corporate program

· Recognised expert in the technical, regulatory, and cultural aspects of information security and enterprise resiliency, able to articulate the risks and mitigation strategies to business executives.

· Proven advisory and consulting experience across the breadth and depth of controls within the Enterprise Information Management program portfolio.

· Ability to lead the delivery of multiple, complex, high-profile projects, demonstrating strong influencing and negotiating skills with internal customers, suppliers, and other 3rd parties such as regulators, law enforcement agencies and industry groups.

· At least 10 years of professional experience with at least 5-7 years of successfully providing advisory and consulting services across the breadth and depth of GIS information security and enterprise resiliency controls.

· Working knowledge and understanding of the various lines of business which operate from within Asia