Manager, Technology Risk
Position Details
Job Purpose:
Assist the Head of Technology Risk and the Senior Manager of Technology Risk in performing risk assessments and managing technology risks within the Group.
Main Responsibilities:
• Design, develop and update technology risk related policies, standards and guidelines.
• Perform risk assessments on IT projects, including but not limited to enhancements and/or new adoption of technologies across information security, infrastructure and application systems.
• Assess and manage cyber security risks, including but not limited to governance, identification, protection, detection, response and recovery, to uplift the cyber resilience and the overall system stability of the Group.
• Assess and manage supply chain risks including third party and nth party risks affecting IT outsourced activities or critical operations, to continuously monitor the service providers’ security postures in adhering to the Group’s security and privacy requirements.
• Provide day-to-day technology risk advisory to all IT departments and technology risk management support to the subsidiaries in Macau and Mainland China.
• Assist in communicating the risk management standards, policies and procedures to stakeholders.
• Assist in defining an appropriate framework for technology risk and/or cybersecurity monitoring (including monitoring requirements, indicators, datasets, collection and analytical methods).
• Assist in analyzing IT incidents including security incidents (if needed), and make recommendations on remediation and preventive actions.
• Assist in promoting risk awareness and culture within the Information Technology Division.
• Assist in reviewing the risks associated with production changes and ensure effective risk mitigation controls are put in place for change implementation.
Incumbent Requirements:
• Minimum 5 years of relevant work experience in technology risk management, preferably in the banking industry.
• University graduate in Computer Science / Information Technology / Information Systems Management or equivalent.
• One or more certificates listed below or equivalent:
- ISC2 Certified Information Security Professional (CISSP)
- ISACA Certified Information System Auditor (CISA)
- ISACA Certified Information Security Manager (CISM)
- ISC2 Certified Cloud Security Professional (CCSP)
• Solid experience in performing cyber security and technology risk assessments.
• Good understanding of IT systems, emerging technologies, and infrastructure along with the relevant controls required to mitigate risks.
• Solid knowledge of regulatory requirements in Hong Kong, Macau and Mainland China.
• Excellent written and verbal communication skills, including the ability to communicate clearly and concisely to various levels.
• Ability to communicate and understand Chinese, as the regulatory requirements are written in the local language.
• Ability to adapt to a fast-moving IT landscape and keep pace with new technologies.
• Analytical mindset and meticulous attention to deliverables.
• Dedication to fostering an inclusive culture and valuing diverse perspectives.
Please note that only shortlisted candidates will be notified.
