Introduction:
Since 1973, East West Bank has served as a pathway to success. With over 110 locations across the U.S. and Asia, we are the premier financial bridge between the East and West. Our teams of experienced, multi-cultural professionals help guide businesses and community members on both sides of the Pacific looking to explore new markets and create new opportunities, and our sustained growth and expertise in industries like real estate, entertainment and media, private equity and venture capital, and high-tech help build sustainable businesses and expand our associates’ potential for career advancement.
Headquartered in California, East West Bank (Nasdaq: EWBC) is a top-performing commercial bank with a strong foundation, an enterprising spirit and a commitment to absolute integrity. East West Bank gives people the confidence to reach further.
Overview:
We are seeking a proactive and detail-oriented professional to join our Enterprise Risk Management team, focusing on technology and cyber risk. This role is responsible for developing and implementing risk management procedures, conducting independent assessments, and ensuring risks are effectively identified, monitored, and mitigated across the organization. The ideal candidate will collaborate closely with business units and the first line of defense to evaluate control effectiveness, lead risk reporting efforts, and provide strategic guidance on mitigation strategies. This position plays a key role in maintaining a strong risk posture by analyzing emerging threats, reviewing RCSAs, and delivering actionable insights to senior leadership, while staying aligned with industry best practices and regulatory expectations.
Responsibilities:
- Support the development, implementation, and monitoring of enterprise technology and cyber risk management procedures and methodologies.
- Manage and coordinate technology risk activities to ensure key risks are identified, escalated, tracked, and remediated in a timely manner.
- Review and challenge the effectiveness of first-line risk mitigation strategies and controls.
- Independently assess technology and cyber risks to ensure alignment with the bank’s risk appetite and identify potential vulnerabilities.
- Collaborate with the first line of defense to evaluate control effectiveness and enhance the control environment.
- Conduct independent risk analyses and credible challenge activities to support technology risk oversight.
- Analyze and report on control testing results, identifying trends and recommending improvements.
- Lead the identification, assessment, monitoring, and reporting of technology risks across the organization.
- Partner with business units to understand risk profiles, evaluate exposures, and implement mitigation strategies.
- Review internal and external risk reports using the bank’s risk framework.
- Monitor and validate the closure of identified risks and control issues.
- Conduct and assess Risk and Control Self-Assessments (RCSAs) for design and operational effectiveness of controls.
- Provide guidance on risk mitigation and control enhancements to business stakeholders.
- Support quality reviews of RCSAs and recommend improvements.
- Deliver regular reports to senior management on the status of technology and cyber risks.
- Influence stakeholders to align on risk mitigation and remediation strategies.
- Identify emerging risks through data analysis and recommend timely mitigation actions.
- Stay current with industry best practices and regulatory developments.
- Perform other duties and special projects as assigned.
- 10+ years of direct, related experience in Risk Management, Information Technology Audit, or Cyber Security.
- Strong written and verbal communication skills to confidently interact across all levels of the organization, including management, executives, regulators, and the board of directors.
- Outstanding business and cybersecurity communication skills.
- Highly organized and efficient, with the ability to balance and manage multiple projects concurrently.
- Demonstrated strategic and tactical thinking, decision-making skills, and business acumen.
- Advanced knowledge of applicable regulatory and legal compliance obligations, rules and regulations, industry standards, and practices.
- Knowledge and experience with frameworks and specific regulatory guidance, including CRI, NIST, GLBA, ISO.