South East Asia Information Security Officer

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities, and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us

**Your background**
- Good working knowledge of governance, risk management and compliance routines and control processes.
- Maintain a broad understanding of regional laws and regulatory requirements relating to information security and privacy, industry best practices, exposures, and their impact to the business.
- Experience in technology auditing and working with senior management is an advantage.
- Experience giving presentations and good interpersonal, communication and influencing skills.
- Financial Institution knowledge or strong LOB knowledge/experience for the type of business (e.g. Global Markets, Global Wholesale Banking etc.) is strongly desired.
- Has good initiative and able to work independently with minimum supervision.
- Acquired relevant professional certification preferred.

**What you can expect**

The SEA Information Security Officer (ISO) function within Global Information Security (GIS) is responsible for information security control enforcement, cybersecurity awareness, and enablement across all lines of business, enterprise functions, technology, and operations teams in SEA across Singapore, Philippines, Malaysia, Indonesia and Thailand. The ISO team also leads cybersecurity external engagement.

The SEA ISO reports directly to the Regional ISO and work closely with the country management including SEA Tech Executive, SEA COO, Compliance and Tech Risk team. In this role, you will be providing guidance on various complexity of security issues to the country stakeholders to ensure IS local regulations, GIS policies and standards are adhered to and IS risks are mitigated.

SEA ISO utilizes in-depth technical / project knowledge, plus the understanding of business requirements, and closely follows bank’s risk management framework, to influence and build a security aware culture and embed security into all layers of business processes to meet customer / client needs while protecting the Bank's assets.

**What you will do**
- Responsible for fulfillment of regulatory requirements (including assessments, submissions or inspections) related to information security.
- Attends to internal or external audits and issues related to information security.
- Drives country-specific control implementations or special programs, where deemed necessary based on risk assessments or local regulatory requirements.
- Provides GIS guidance and support to the country management, Tech & Operations and staff in risk assessments and implementation of appropriate information security procedures and controls with consideration to applicable GIS policy and/or regulatory requirements.
- Monitors existing and proposed security policies, standards, local rules and regulations; Identifies and escalates changes that will affect information security policy, standards and procedures.
- Works with GIS Policy teams and relevant control owners to ensure policy mapping and control gap assessment is performed for local regulations.
- Has country or entity-specific understanding of the critical business assets, risks and mitigation plans.
- Provides Cyber trainings to senior management and SEA associates as required.
- Collaborates with risk and control partners (e.g. Tech Risk, Compliance, Operational Risk, Internal Audit etc.) to improve security governance in the bank.
- Regularly report to country management IS risk posture.
- Conducts thematic reviews to identify relevant risks to SEA countries.
- Performs oversight function and governance on IS risks matters in SEA countries.
- Conduct cyber risk assessment in support of technology initiatives to help identify IT related risk and determine appropriate controls to mitigate risks.
- Monitor, track, and manage risk mitigations and exceptions and ensure adequate monitoring capability is incorporated into solutions.