Job Purpose:
Assist Head of Technology Risk to handle regulatory and audit related matters, perform risk assessments and manage the technology risks within the Group.
Main Responsibilities:
• Design, develop and update technology risk related policies, standards and guidelines.
• Perform risk assessments on IT projects, including but not limited to enhancements and/or new adoption of technologies across information security, infrastructure and application systems.
• Assess and manage cyber security risks, including but not limited to governance, identification, protection, detection, response, recovery, to uplift the cyber resilience and the overall system stability of the Group.
• Assess and manage Fintech risks, including but not limited to big data and artificial intelligence, cloud computing and digital innovations, to ensure regulatory compliance and sound risk management prior to adoption.
• Assess and manage supply chain risks including third party and nth party risks affecting IT outsourced activities or critical operations, to continuously monitor the service providers’ security postures in adhering to the Group’s security and privacy requirements.
• Handle regulatory related enquiries, onsite/offsite examinations and surveys
• Handle audit exercises conducted by internal and/or external auditor(s)
• Provide day-to-day technology risk advisory to all IT departments and technology risk management support to the subsidiaries in Macau and Mainland China
• Apply process to ensure that IT operational and control risks are at an acceptable level within the risk thresholds of the bank, by evaluating the adequacy of risk management controls; Perform day-to-day risk monitoring, reporting and mitigation in association with the key risk indicators
• Assist in communicating the risk management standards, policies and procedures to stakeholders.
• Analyze and report to management, and investigate into any non-compliance of risk management policies and protocols.
• Define appropriate framework for technology risk and/or cybersecurity monitoring (including monitoring requirements, indicators, datasets, collection and analytical methods).
• Assist to analyze IT incidents including security incidents (if needed), and make recommendations on remediation and preventive actions.
• Assist to promote risk awareness and culture within Information Technology Division.
• Assist to review the risks associated with production changes and ensure effective risk mitigation controls are put in place for change implementation.
Incumbent Requirements:
• Minimum 10 years of relevant work experience in technology risk management, preferable in Banking industry.
• University graduate in Computer Science / Information Technology / Information Systems Management or equivalent.
• One or more certificates listed below or equivalent:
- ISC2 Certified Information Security Professional (CISSP)
- ISACA Certified Information System Auditor (CISA)
- ISACA Certified Information Security Manager (CISM)
- ISC2 Certified Cloud Security Professional (CCSP)
• Solid experience in performing cyber security and technology risk assessments.
• Good understanding of IT systems, emerging technologies, and infrastructure along with the relevant controls required to mitigate risks.
• Sound knowledge with regulatory requirements in Hong Kong, Macau and Mainland China
• Excellent written and verbal communication skills including ability to communicate clearly and concisely to various levels
• Ability to communicate and understand Chinese as the regulatory requirements are written in the local language
• Ability to adapt to a fast-moving IT landscape and keep pace with new technologies
• Analytical mind-set and meticulous in the deliverables
• Dedication to fostering an inclusive culture and value diverse perspectives
Candidate with less experience will be considered as a Manager position