AVP/VP, IT/IS Risk Management

GENERAL SUMMARY

This position is responsible for the execution of 2LOD governance and oversight of Information Technology Risk Management (ITRM) which includes IT and IS governance and strategy, IT operations, Information Security, Change and Configuration Management, overall enterprise Information Technology and Information Security governance, risk, and compliance (GRC) management, and regular reporting to the Bank's governance committees. This individual will work closely with the Technology Risk and Control partners in 1LOD to participate in the credible challenge of the planning and implementation of Information Technology controls for all material IT and IS Projects and to provide oversight of the evaluation and selection of applications and systems. This individual will make recommendations and assist in the implementation of changes to work methods and procedures to make them more effective, to strengthen controls, or manage risk. This individual will also perform substantive control testing, as required, to assess the operating effectiveness of IT and IS general controls and application controls.

ESSENTIAL FUNCTIONS

• As the Second Line of Defense (2LOD), provide thought leadership and constructive challenge to the First Line of Defense (1LOD) for control and risk-related matters.
• Oversee IT risk management practices covering all facets of the IT Risk Management Framework (including Operations, Change Management, and Information Security), provide interpretation and counsel on policies and Standards.
• Responsible for supporting the Information Technology Risk Management program.
• Support the adoption of the Bank's eGRC platform throughout the enterprise and promote its use among the stakeholders of the Information Technology Risk Management program.
• Provide technical and best practice guidance on Information Technology Risk Management and Information Technology, accounting for specific business platform complexities and issues.
• Provide input into the setting of enterprise IT risk appetite based on platform specific differences and specific business considerations.
• Develop periodic reports of Information Technology Risks and control effectiveness as required.
• Review Information Security, Information Technology, and cybersecurity control processes along with associated documentation, and reporting.
• Review key audit, regulatory and client due diligence to develop and communicate risk themes and solutions to the business.
• Establish effective monitoring practices to ensure adherence to the IT Risk Management framework, supporting policies and standards, and assist the business in the identification of issues.
• Perform 2LOD control testing, as required, to assess the design and operating effectiveness of 1LOD IT general controls and application controls.
• Advise and collaborate with IT and the business on appropriate ways to strengthen controls in non-compliant areas.
• Advise and provide credible challenge on the mitigation of IT Risk Management issues.
• Assist in providing ongoing IT Risk Management governance and direction for the enterprise.
• Engage with the Bank's leads for Information Technology, Information Security, Disaster Recovery & Business Continuity, Infrastructure, Data Governance, Vendor Management, Third-Party Risk Management, and Change Management Practices to obtain technical domain advice and advise on matters of risk.
• Develop and maintain key business relationships to provide advice and oversight on new initiatives, products, and projects.
• Perform annual review and on-going monitoring and development of 2LOD owned IT and IS policies and standards.

QUALIFICATIONS

Education:

• College degree in Computer Science, Information Technology, or Information Security or equivalent preferred.
• CISA or similar audit certifications.
• Industry recognized certifications such as CISA, CRISC, or similar risk certifications preferred.

Experience:

• Minimum 5 years' experience in Information Security Risk and/or Audit within the financial services industry.
• Minimum 3 years' experience in IT Audit or controls testing.
• In depth knowledge and experience in Information Technology Governance, Risk, and Compliance.
• Extensive knowledge and experience in regulatory guidance, most importantly for the FDIC, CFPB, and FFIEC requirements and supporting guidelines.

Skills/Ability:

• Strategic mindset, with excellent knowledge and understanding of the financial industry. Highly developed ability for conceptual thinking.
• Excellent communication and presentation skills.
• Proven track record of building strong relationships across business functions.
• Strong presentation skills, in anticipation of audiences with varying IT knowledge; ability to adjust presentation details based on audience.
• Demonstrated ability to interact effectively, internally, and externally, with the most senior representatives of the Bank, other organizations, regulators, and vendors.
• Strong Microsoft Excel, PowerPoint, and report writing skills, including the ability to evaluate the usefulness of data and use it in meaningful communication.
• Proven ability to initiate and manage projects.

OTHER DETAILS

AVP: $88K - $118K / year
VP: $118K - $160K / year
Pay determined based on job-related knowledge, skills, experience, and location.
This position may be eligible for a discretionary bonus.

Cathay Bank offers its full-time employees a competitive benefits package which is a significant part of their total compensation. It is our goal to provide employees with a comprehensive benefits package to fit their needs which includes, coverage for medical insurance, dental insurance, vision insurance, life insurance, long-term disability insurance, and flexible spending accounts (FSAs), health saving account (HSA) with company contributions, voluntary coverages, and 401(k).

Cathay Bank may collect personal information from potential job candidates and applicants. For more information on how we handle personal information and your applicable rights, please review our Privacy Policy.

Cathay Bank is an Equal Opportunity and Affirmative Action Employer. We believe in diversity, equity, and inclusion in the workplace. We welcome applications for employment from all qualified candidates, regardless of race, color, ethnicity, ancestry, citizenship, gender, national origin, religion, age, sex (including pregnancy and related medical conditions, childbirth and breastfeeding), reproductive health decision-making, sexual orientation, gender identity and expression, genetic information or characteristics, disability or medical condition, military status or status as a protected veteran, or any other status protected by applicable law.

Click here to view the "Know Your Rights: Workplace Discrimination is Illegal" Poster:
Poster- English

Poster- Spanish

Poster- Chinese Traditional Poster- Chinese Simplified

Cathay Bank endeavors to make www.CathayBank.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact, Mickey Hsu, FVP, Employee Relations Manager, at (626) 582-7370 or mickey.hsu@cathaybank.com. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.