AVP/VP, IT/IS Risk Management
Company: Cathay General Bancorp
Location: El Monte
Posted on: January 14, 2026
Job Description:
This position is responsible for the execution of 2LOD governance and oversight of Information Technology Risk Management (ITRM), which includes IT and IS governance and strategy, IT operations, Information Security, Change and Configuration Management, overall enterprise Information Technology and Information Security governance, risk, and compliance (GRC) management, and regular reporting to the Bank's governance committees. This individual will work closely with the Technology Risk and Control partners in 1LOD to participate in the credible challenge of the planning and implementation of Information Technology controls for all material IT and IS Projects and to provide oversight of the evaluation and selection of applications and systems. This individual will make recommendations and assist in the implementation of changes to work methods and procedures to make them more effective, to strengthen controls, or manage risk. This individual will also perform substantive control testing, as required, to assess the operating effectiveness of IT and IS general controls and application controls.

ESSENTIAL FUNCTIONS
• As the Second Line of Defense (2LOD), provide thought leadership and constructive challenge to the First Line of Defense (1LOD) for control and risk-related matters.
• Oversee IT risk management practices covering all facets of the IT Risk Management Framework (including Operations, Change Management, and Information Security), and provide interpretation and counsel on policies and standards.
• Responsible for supporting the Information Technology Risk Management program.
• Support the adoption of the Bank’s eGRC platform throughout the enterprise and promote its use among the stakeholders of the Information Technology Risk Management program.
• Provide technical and best practice guidance on Information Technology Risk Management and Information Technology, accounting for specific business platform complexities and issues.
• Provide input into the setting of enterprise IT risk appetite based on platform-specific differences and specific business considerations.
• Develop periodic reports of Information Technology Risks and control effectiveness as required.
• Review Information Security, Information Technology, and cybersecurity control processes along with associated documentation and reporting.
• Review key audit, regulatory and client due diligence to develop and communicate risk themes and solutions to the business.
• Establish effective monitoring practices to ensure adherence to the IT Risk Management framework, supporting policies and standards, and assist the business in the identification of issues.
• Perform 2LOD control testing, as required, to assess the design and operating effectiveness of 1LOD IT general controls and application controls.
• Advise and collaborate with IT and the business on appropriate ways to strengthen controls in non-compliant areas.
• Advise and provide credible challenge on the mitigation of IT Risk Management issues.
• Assist in providing ongoing IT Risk Management governance and direction for the enterprise.
• Engage with the Bank’s leads for Information Technology, Information Security, Disaster Recovery & Business Continuity, Infrastructure, Data Governance, Vendor Management, Third-Party Risk Management, and Change Management Practices to obtain technical domain advice and advise on matters of risk.
• Develop and maintain key business relationships to provide advice and oversight on new initiatives, products, and projects.
• Perform annual review and on-going monitoring and development of 2LOD owned IT and IS policies and standards.

QUALIFICATIONS

Education:
• College degree in Computer Science, Information Technology, or Information Security or equivalent preferred.
• CISA or similar audit certifications.
• Industry recognized certifications such as CISA, CRISC, or similar risk certifications preferred.

Experience:
• Minimum 5 years’ experience in Information Security Risk and/or Audit within the financial services industry.
• Minimum 3 years’ experience in IT Audit or controls testing.
• In-depth knowledge and experience in Information Technology Governance, Risk, and Compliance.
• Extensive knowledge and experience in regulatory guidance, most importantly for the FDIC, CFPB, and FFIEC requirements and supporting guidelines.

Skills/Ability:
• Strategic mindset, with excellent knowledge and understanding of the financial industry. Highly developed ability for conceptual thinking.
• Excellent communication and presentation skills.
• Proven track record of building strong relationships across business functions.
• Strong presentation skills, in anticipation of audiences with varying IT knowledge; ability to adjust presentation details based on audience.
• Demonstrated ability to interact effectively, internally and externally, with the most senior representatives of the Bank, other organizations, regulators, and vendors.
• Strong Microsoft Excel, PowerPoint, and report writing skills, including the ability to evaluate the usefulness of data and use it in meaningful communication.
• Proven ability to initiate and manage projects.

Keywords: Cathay General Bancorp, Rosemead, AVP/VP, IT/IS Risk Management, IT / Software / Systems, El Monte, California