ERM Director of Technology Risk

Since 1973, East West Bank has served as a pathway to success. With over 120 locations across the U.S. and Asia, we are the premier financial bridge between the East and West. Our teams of experienced, multi-cultural professionals help guide businesses and community members on both sides of the Pacific looking to explore new markets and create new opportunities, and our sustained growth and expertise in industries like real estate, entertainment and media, private equity and venture capital, and high-tech help build sustainable businesses and expand our associates’ potential for career advancement.

Headquartered in California, East West Bank (Nasdaq: EWBC) is a top performing commercial bank with an exclusive focus on the U.S. and Greater China markets. With a strong foundation, and enterprising spirit and a commitment to absolute integrity, East West Bank gives people the confidence to reach further.

The Technology Risk Director will work within the bank’s second line of defense and will be responsible for providing expert guidance, credible challenge, and effective oversight of technology and information security activities throughout the company.

This role is responsible for developing and implementing the bank's risk management framework on Technology Risk. You will be responsible for incorporating and monitoring risk and control considerations within the organization and to identify regulatory, legal and compliance risk exposures related to products and solutions, environments, and frameworks.

This role will require an individual with deep technology knowledge in Risk & Controls, exceptional relationship management, communication, influencing skills at all levels, a strong focus on oversight of the Bank's Technology & Cybersecurity Risk Management programs.

• Lead establishment of second line of defense continuous monitoring program on Technology Risk.
• Lead independent identification, assessment, monitoring, and reporting of Technology Risk across the company’s technology environment.
• Establish effective engagement model with the first line of defense to assess control effectiveness and monitoring activities to strengthen the control environment and reduce risk.
• Establish target operating model on Technology Risk and define clear roles and responsibilities across first line of defense and second line of defense.
• Influence control owners and other stakeholders to build consensus on risk mitigation and remediation strategies.
• Provide oversight and guidance on key strategic Technology initiatives and assess impact of these initiatives on the company’s control environment.
• Serve as the Technology and Cybersecurity Risk Subject Matter Expert on assigned committees and working groups, while developing a positive working relationship with internal clients, staff, peers, and senior management.
• Ensure that key and emerging risks are communicated and escalated in a timely, accurate manner and within established governance frameworks. 
• Conduct and manage robust review and challenge process for enterprise-wide technology controls assessments, including evaluating evidence of existing controls, identifying significant control deficiencies, assessing adequacy of proposed remediation to address deficiencies, and monitoring remediation to closure. 
• Provide guidance, support, and risk sign-off on technology risk management of enterprise projects, new products and services, and major technology infrastructure changes.
• Identify key risk management requirements from federal and state regulators, as well as industry best practices, to create policies and build programs that are aligned to the Bank's risk appetite and strategic plan.
• Perform other duties and special projects as assigned.

• Bachelor's degree plus 15+ years of direct, related experience in Risk Management, Internal Audit, Information Security or Technology.
• Strong written and verbal communication skills to confidently interact across all levels of organization such as management, executives, regulators, and board of directors.
• Advanced knowledge of general banking operations, including deposit operations, loan administration, treasury management and/or other commercial banking products and services. 
• Outstanding written and verbal business and cybersecurity communication skills.
• Highly organized and efficient; ability to balance and manage multiple projects concurrently.
• Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.
• Advanced knowledge of applicable regulatory and legal compliance obligations, rules and regulations, industry standards and practices.
• Advanced knowledge and experience with frameworks and specific regulatory guidance, including ISO, COBIT, FFEIC, GLBA, NIST.
• Certified Information Systems Auditor (CISA), Certified Information Systems Security Auditor (CISSA), or Certified Information Security Manager (CICM) certifications desired.
• CISO, deputy CISO, head of information technology/information security audit, head or lead information security risk management professional a plus.