This position is for an Information Security Risk Reporting Analyst (“Analyst”) in the US Region ERM team to support day-to-day operations: consolidate information security event investigation and findings as well as perform data analysis and consolidated information security reporting. The Analyst will work in close partnership with the US Region Institution Information Security Officers (“CISO”), Information Technology and Information Security teams, and Head Office Information Technology.

Responsibilities:

• Schedule, coordinate and review information security assessments conducted by US Region institutions
• Identify, consolidate, and summarize institution security issues and corrective actions
• Produce a consolidated report on IT risk assessment, risk levels, outcomes and associated recommendations
• Monitor and track institution corrective action plans
• Produce consolidated and risk metrics on a regular basis
• Contribute to the permanent improvement of the US Region Information Security risk management program
• Promote a risk-aware culture, ensure efficient and effective risk and compliance management practices by adhering to required internal standards and regulations
• Maintain broad knowledge of best practices and trends in the field of Information Security

Required Skills and Personal Attributes:

• Strong Information Technology or Information Security knowledge in banking or financial services industry
• Familiarity with Information Security related regulatory requirements in U.S., such as NYS DFS 500, NIST, GBLA, and CSF.
• Good command of spoken and written English and Chinese
• Proficient in Microsoft Office and spreadsheet applications
• Strong organization, analytical, team-working and problem-solving skills
• Self-disciplined, and capable to work independently
• Ability to effectively communicate with technical and non-technical resources
• Ability to cope with pressure and responsibly

Qualifications:

• Bachelor’s degree in finance or IT related majors and continuous training on Information Security or related, and 5+ years of working experience;
• Information Security Professional Certifications (CISSP, CISA, CCP, etc.) a plus