Chief Information Security Office-Strategy, Programs & GRC AVP

Careers Bocusa Icims Com · New York, NY, US · Active · $3–$65,000 / year · iCIMS

Job facts

Company: Careers Bocusa Icims Com
Title: Chief Information Security Office-Strategy, Programs & GRC AVP
Normalized title: -
Department / team: Risk
Location: New York, NY, United States
Work model: -
Employment type: Full Time
Salary: $3–$65,000 / year
Status: active
ATS provider: iCIMS
Posted / first seen: 2025-11-01 / 2026-05-31
Changed / last seen: 2026-06-01 / 2026-06-20

Linked records

Company: Careers Bocusa Icims Com
Source: 88a51bf4-aa45-4de7-b1d2-d4722929fd65
ATS provider: iCIMS

Description

Introduction

Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

Overview

This incumbent will provide Strategy, Programs, Governance, Risk and Compliance functions as required to fulfill BOCNY information security program requirements. This incumbent will provide Strategy Coordination, CISO Projects Management, Training & Culture, Metrics & Reporting, Governance, Risk Assessments and Compliance functions as detailed below.

Responsibilities

Governance
- Establish and maintain Information Security policies and procedures
- Ensure CISO roles and responsibilities are clearly delineated and documented to ensure efficiency, create synergies and ensure TISR is being properly managed across first and second lines
- Periodically refresh and update TISR controls guidance in relevant policies and supporting procedures with detailed implementation guidance
- Develop, monitor, and track CISO policy adherence measures and metrics

Strategy & Programs
- Coordinate Information Security strategy in alignment with the Bank's strategy
- Maintain strategic initiatives tracking and associated KRIs to track progress and execution of the objectives
- Conduct quarterly strategy reviews with the CISO team to ensure alignment and momentum continue. Adjust strategy as necessary
- Provide end-to-end project management function for all CISO led projects
- Manage all CISO programs, including but not limited to: Information Security Program & Training & Culture Program

Risk & Compliance
- Establish and enhance a TISR framework that consists of the appropriate components to effectively manage TISR
- Conduct risk assessments of TISR for Projects, Third-Party, New Activities and Applications
- Develop and execute a TISR annual work plan of risk identification, assessment, and control evaluation and testing activities
- Review and contribute to the development and maintenance of the taxonomy for Risk, Process and Controls for TISR domains
- Catalog and oversee remediation of TISR issues, including those arising from Audit and Regulatory exams, ITRM deep dives, root cause analyses and control testing
- Prepare and submit Audit Requests for evidence
- Anticipate audit requests and prepare a comprehensive approach for CISO policy and standards and associated implementation
- Prepare response evidence for IT/IS related regulatory exams
- Recommend changes to policy, process or procedures to align with OCC and other federal guidelines and regulations
- Evaluate and provide evidence of compliance for BOCNY Branch
- Liaise with LCD/RAO/IAD to ensure collaboration and partnership so that CISO can meet regulatory IT/IS requirements

Metrics & Reporting
- Manage all metrics and reporting for CISO

Qualifications
- Bachelor’s degree in Business, Computer Science, Management Information Systems, Engineering, Mathematics, or related field is required
- Minimum 5 years of work experience in Financial services Risk Management, Audit, IT/IS Operations, or other relevant functions
- Minimum 3 years of experience in developing and executing IT/IS Risk programs, projects, and policies
- Minimum 1 year of experience working with US Banking Regulations, financial industry standards, and industry standard IT/IS Risk Frameworks
- Strong program, frameworks, project management development, implementation, and maintenance skills
- Sound and practical IT/IS risk management and program knowledge
- Familiarity with IT/IS Risk Management regulations, standards, and frameworks including NIST, ISO27002, FFIEC Guidelines, etc.
- CISSP/CRISC or IT-related certifications preferred

Pay Range

Actual salary is commensurate with candidate’s relevant years of experience, skillset, education and other qualifications. USD $65,000.00 - USD $150,000.00 /Yr.

Full job record

Job ID: 03c9b0d29796a03619877a9a7572106de0f1fd82
Org ID: eeee4cce-7ac2-49d7-8c86-9f273b3cdc2e
Source ID: 88a51bf4-aa45-4de7-b1d2-d4722929fd65
Board ID: 88a51bf4-aa45-4de7-b1d2-d4722929fd65
Provider: icims
Provider Job Key: 3869
Title: Chief Information Security Office-Strategy, Programs & GRC AVP
Normalized Title:
Status: active
Active: yes
Location Text: New York, NY, US
Department: Risk
Team:
Employment Type: full_time
Workplace Type:
Remote Policy:
Country: United States
Region: NY
City: New York
Salary Raw: (verbatim copy of the Description text above)
Salary Min: 3
Salary Max: 65,000
Salary Currency: USD
Salary Period: year
Source URL: https://careers-bocusa.icims.com/jobs/3869/chief-information-security-office-strategy%2c-programs-%26-grc-avp/job
Apply URL: https://careers-bocusa.icims.com/jobs/3869/chief-information-security-office-strategy%2c-programs-%26-grc-avp/job
First Seen At: 2026-05-31 18:43:18Z
Last Seen At: 2026-06-20 08:32:44Z
Last Checked At: 2026-06-20 08:32:44Z
Last Changed At: 2026-06-01 13:47:22Z
Inactive At:
Source Posted At: 2025-11-01 04:00:00Z
Source Updated At: 2026-05-06 20:11:36Z
Raw Payload Uri: s3://job-postings-prod-raw-590183727216/raw/provider=icims/board=careers-bocusa.icims.com/date=2026-06-20/2026-06-20T08-32-41-399Z-a022cac8f3a20d332747f31d72ff4093add2db6a1cc88bebf3a352a2963daeb5.json
Event Fields
{
  "content_hash": "24e23e095fd178b6e81294cd6b4c67b5956c3278ae7be99369126a71c823d841",
  "source_hash": "9f460fb53558faa4ff6561ac428374afc9ba102b1bddd34319c85aa80de21dcc",
  "last_changed_at": "2026-06-01T13:47:22.788Z",
  "active_status": "active"
}
Parsed Structured
{
  "dedupe": null,
  "language": "en",
  "location": {
    "raw": "New York, NY, US",
    "city": "New York",
    "region": "NY",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.8
  },
  "salary_max": 65000,
  "salary_min": 3,
  "inferred_at": "2026-06-20T08:32:44.895Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "New York, NY, US",
      "city": "New York",
      "region": "NY",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.8
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": null,
  "salary_period": "year",
  "workplace_type": null,
  "salary_currency": "USD"
}
Extensions
{}
Native Structured
{
  "json_ld": {
    "url": "https://careers-bocusa.icims.com/jobs/3869/chief-information-security-office-strategy%2c-programs-%26-grc-avp/job",
    "@type": "JobPosting",
    "title": "Chief Information Security Office-Strategy, Programs & GRC AVP",
    "@context": "http://schema.org",
    "baseSalary": {
      "@type": "MonetaryAmount",
      "currency": "USD",
      "maxValue": 150000,
      "minValue": 65000
    },
    "datePosted": "2025-11-01T04:00:00.000Z",
    "directApply": true,
    "jobLocation": [
      {
        "@type": "Place",
        "address": {
          "@type": "PostalAddress",
          "postalCode": "10018",
          "addressRegion": "NY",
          "streetAddress": "1045 Avenue of Americas",
          "addressCountry": "US",
          "addressLocality": "New York",
          "postOfficeBoxNumber": "UNAVAILABLE"
        }
      }
    ],
    "validThrough": "2027-11-01T04:00:00.000Z",
    "employmentType": "FULL_TIME",
    "salaryCurrency": "USD",
    "hiringOrganization": {
      "name": "Bank of China  Limited, New York  Branch",
      "@type": "Organization",
      "sameAs": "http://bocusa.com"
    },
    "occupationalCategory": "Risk"
  },
  "detail_meta": {
    "url": "https://careers-bocusa.icims.com/jobs/3869/chief-information-security-office-strategy%2c-programs-%26-grc-avp/job?in_iframe=1",
    "http_status": 200,
    "content_type": "text/html;charset=UTF-8",
    "response_bytes": 36230,
    "compact_response_bytes": 5841,
    "original_response_bytes": 36230
  },
  "sitemap_job": {
    "id": "3869",
    "url": "https://careers-bocusa.icims.com/jobs/3869/chief-information-security-office-strategy%2c-programs-%26-grc-avp/job",
    "slug": "chief-information-security-office-strategy%2c-programs-%26-grc-avp",
    "lastmod": "2026-05-06T16:11:36-04:00"
  },
  "detail_errors": []
}
Get this page with API

Rendered from the bluedoor Job Postings API. Reproduce it:

GET https://api.bluedoor.sh/job-postings/v1/jobs/03c9b0d29796a03619877a9a7572106de0f1fd82?include=description
GET https://api.bluedoor.sh/job-postings/v1/orgs/eeee4cce-7ac2-49d7-8c86-9f273b3cdc2e
GET https://api.bluedoor.sh/job-postings/v1/sources/88a51bf4-aa45-4de7-b1d2-d4722929fd65
GET https://api.bluedoor.sh/job-postings/v1/jobs/03c9b0d29796a03619877a9a7572106de0f1fd82/events