• IT Risk Management & Compliance Manager

    Location: US-CA-San Marino
    Job ID: 2018-6089
    Category: Audit/Risk Management
    Position Type: Full-Time
  • Overview

    For more than 40 years, East West Bank has served as a pathway to success. With over 130 locations across the U.S. and Greater China, we are the premier financial bridge between the East and West. Our teams of experienced, multi-cultural professionals help guide businesses and community members on both sides of the Pacific looking to explore new markets and create new opportunities. And our sustained growth and expertise in industries like real estate, entertainment and media, private equity and venture capital, high-tech and aviation help build sustainable businesses and expand our employees’ potential for career advancement.

     

    Headquartered in California, East West Bank (Nasdaq: EWBC) is a top performing commercial bank with an exclusive focus on the U.S. and Greater China markets. With assets of $38.1 billion, we’re ranked among the 30 largest banks in the United States and currently top 5 in “America’s 100 Best Banks” by Forbes, a list where we've consistently been in the top 15 since 2010. With a strong foundation, an enterprising spirit and a commitment to absolute integrity, East West Bank gives people the confidence to reach further.

     

    The IT Risk Management & Compliance Manager is part of the IT Risk Management & Compliance team within the Enterprise IT Risk Management department. Reporting to the Head of IT Risk Management & Compliance, this critical role will be responsible for, but not limited to, executing IT vendor risk assessments, enhancing and maintaining East West Bank’s IT/IS control framework, performing enterprise-level IT risk assessments, and serving as coordinator for internal/external auditors and regulators.

    Responsibilities

    • Provide technical and best practice guidance on IT Risk to various business units, including but not limited to:
      • Business Continuity
      • Vendor Management
      • Information and Security Risk
      • Regulatory and Operational Risk
    • Provide support for IT for specific business platform and regional complexities and issues.
    • Manage, maintain, and continuously develop the IT Risk management process, including strategy, policies, process, and metrics.
    • Contribute to various project requests from functional teams to increase operational efficiency, strengthen IT environment, and help meet the company’s internal and external regulatory or compliance requirements.
    • Ensure the compliance of all applications, systems and network infrastructure with security policies, standards and procedures. Assess access management, authentication, and authorization, including the performance of User Access Reviews and Certifications.
    • Assist in identifying and implementing organizational risk management tools such as SailPoint and RSAM.
    • Conduct quarterly firewall audits to identify weaknesses in network security posture, assess change management policies, and ensure compliance with organizational policies and procedures.
    • Assist Compliance Lead in evaluating and analyzing issues or recommendations to improve processes that mitigate risk and bring systems and operations into compliance with goals and objectives.
    • Assist Compliance Lead’s efforts in support of external audits and assessment activities. Provide audit response and ongoing guidance on solutions to achieve and maintain security compliance, to mitigate information security risks and to correct compliance exposures and gaps.
    • Develop and maintain key business relationships in order to provide advice and oversight on new initiatives.
    • Monitor customer malware infections on end-user workstations and respond with guidance on mitigation strategies.
    • Conduct enterprise-wide training on IT risk and information security awareness.
    • Assist with enterprise-level IT risk assessments for areas including, but not limited to, GLBA & Privacy, FFIEC Cyber Assessment Tool, IT Infrastructure & Assets, etc.
    • Ensure vendor compliance with the business agreement, policies, procedures, & regulations, along with the ability to map controls and compliance requirements.
    • Review and analyze vendor contract Statement of Work (SOW) and Service Level Agreements (SLAs) to ensure they meet operational needs and organizational requirements.
    • Communicate, escalate, and track vendor progress on assessment remediation activities.
    • Act as a liaison & SME for internal departments and vendors to successfully manage vendor risk.

    Qualifications

    • Bachelor’s Degree
    • Seven to nine years in IT risk management and/or IT audit related activities in the financial industry.
    • College-level oral and written skills, high-level technical writing skills preferred.
    • Must be comfortable collaborating with other departments and speaking publicly.
    • Must be able to demonstrate critical thinking as it relates to planning, policy formulation, problem resolution, and project management.
    • Must be able to deliver on short and long-term projects with minimal oversight.
    • Strong interpersonal and communication skills
    • Demonstrate leadership qualities and problem resolution skills
    • Develop and facilitate end user trainings as necessary.
    • Act as the Subject Matter Expert for IAM suite of tools to assist with critical technical, operational, and strategic decisions.
    • Perform role mining and implement role based access for the enterprise.
    • CISSP, CISA, CRISC and/or other relevant certifications
