Chief Information Security Office - Security Operation Center Associate - Bank of China : Job Details

This incumbent will provide Security Operation Center services as required to fulfill the Bank's information security program requirements. The incumbent will provide real-time response and analysis to security threats across enterprise systems. In addition, this incumbent will provide support to the Security Services & Cyber Defense, Governance, Compliance and Risk Management functions. This position's schedule will rotate on a planned 8-hour shifts basis, covering 24 hours/day, 7 days/week, including overnight, weekend, and holiday.

Responsibilities:

Security Operation Center:

• Execute incident response protocols for responding to and escalating incidents timely.
• Conduct initial incident response including containment, documentation, and communication.
• Assist with post-incident reporting and analysis.
• Maintain detailed and accurate records of security events and actions taken.

Security Services & Cyber Defense, Governance, Compliance and Risk Management:

• Execute Security Policies and Standards. Manage assigned security monitoring tools.
• Analyze security alerts and assess potential threats.
• Conduct vulnerability scans, patch management, Identity & Access Management, Penetration Testing, Data Privacy, Phishing and Training, Audit affairs and Risk Assessment as needed.

Qualifications:

• Bachelor's degree in Business, Computer Science, Management Information Systems, Engineering, Mathematics, or related field is required.
• Minimum 1 year of work experience in Information security, cybersecurity, vulnerability management, security architecture, network, security tools and computer systems administration.
• Minimum 1 year of experience in risk management.
• Good understanding of regulatory requirements including FFIEC, GLBA, NIST.
• Knowledge of Information security and cyber security best practices.
• Knowledge of systems administration such as Windows Server, Active Directory management, Firewall, UNIX system, network architectures, etc.
• Knowledge of security tools such as SIEM, DLP, XDR, EDR, Web Filter etc.
• Good understanding of protocol behaviors, validity of identified vulnerabilities - CISSP/CRISC/ or IT related certifications preferred.

Pay Range:

Actual salary is commensurate with candidate's relevant years of experience, skillset, education and other qualifications.

USD $42,000.00 - USD $90,000.00 /Yr.