Job Title: Operational Risk Manager& Information Security Officer

Report to: Vice President, Operational Risk Management 

Position availability: immediate

Application Deadline: Aug 31,2017

Position Summary:

The job incumbent is responsible for supporting in implementing and managing the Bank’s Operational risks in areas of information security and business continuity management, which is consistent with the OFSI Guideline and the overall strategies and requirements from the Parent Bank.

Job Main Responsibilities:

• Provide expertise in the identification of operational risks, assessment of controls and reporting on effectiveness of controls to ensure compliance with OSFI and Paren Bank’s regulatory and policy requirements with respect to operational risk management.
• Follow up with departments on operational risk management matters, including analyzing root causes of identified operational risks, proposing solutions to mitigate the risks, and defining actions to implement proposed improvements.
• Take the lead on developing, maintaining and updating the information security strategy and information security program.
• Develops and coordinate the Security Information and Event Management and other information security processes/controls for the Bank, including developing, reviewing, monitoring, analyzing, reporting, strengthening the policies/process/controls and mitigating the related risks.
• Manage and assist in performing on-going  security monitoring of information systems including assessing information security risk through qualitative risk analysis on a regular basis, conducting functional and gap analysis to determine to which key business areas and infrastructure comply with statutory and regulatory requirements, evaluating and recommending new information security control and counter measures against threats to information or privacy, and developing information security reports and dashboard reports.
• Act as the committed owner of the information security incident and vulnerability management processes from design to implementation and beyond.
• Be responsible for effective staff training program in place to increase awareness of information security management across the Bank.

Job Skills and Qualifications:

• University degree/college diploma in a relevant field, such as information technology, computer science or equivalent experience.
• At least 7years related experience in financial services industry or equivalent.
• 5+ years’ experience in the Technology Security field and risk management field.
• Good knowledge of bank IT operations, business application, regulatory environment and key technology risks.
• Advanced written and oral communication skills, with the capability to present and articulate complex concepts.
• Strong research, analytical, and problem-solving skills.
• Be willing to work under work pressure and meet deadlines.
• Besides English language skill and communication, knowledge (written and oral) of Chinese Mandarin is a value added asset.

To apply, please submit your resume along with the application form (available for download at http://www.bankofchina.com/ca/custserv/cs3/ ) to hr@ca.bocusa.com

Bank of China (Canada) is an equal opportunity employer and it is the bank’s policy to recruit and select applicants for employment solely on the basis of their qualifications with emphasis on selecting the best qualified person for the position. We welcome applications from all interested parties. Please understand that only qualified applicants will be contacted.