Associate, Group Technology Risk Management

Company Introduction:

We’re home to Asia's most dynamic and vibrant capital markets.
Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day.

HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all."

Job Summary:

We are seeking a detail-oriented professional with strong communication skills to support technology resilience and risk advisory activities across the HKEX Group. The role involves monitoring and reporting on cyber and technology risks, preparing clear and structured governance reports on control measures and their effectiveness, and enhancing incident readiness and response.

Job Duties:

Responsibilities:

• Help facilitate the governance and management of cyber and technology risks across the HKEX Group.
• Role will include coordinating with internal departments to track cyber and technology risk mitigating measures and controls; and help draft reports on control measures and their effectiveness for senior stakeholders.
• Support efforts to enhance the readiness of relevant stakeholders in handling cyber and technology incidents.
• Monitor and research emerging cyber and technology risk trends; escalate potential risks in a timely manner and propose appropriate mitigating measures.
• Identify cyber and technology risk implications for key projects and initiatives.
• Assist in defining practical policies, guidelines and playbooks which incorporate applicable legal and regulatory requirements, industry standards, and best practices.
• Support investigations into cyber and technology incidents or control lapses.
• Assist with cross-domain risk initiatives that support 2nd Line responsibilities as needed.
• Support the maintenance of effective relationships and collaboration with regulators, law enforcement, exchange peers and industry partners.

Requirements

• At least 3-4 years of relevant experience in cyber and technology risk management, preferably in the financial services sector or professional services (e.g. Big 4 firms) supporting financial services clients.
• University degree in business, information security, computer science or related fields of study preferred.
• Excellent written and spoken English; proficiency in Cantonese and Putonghua would be an advantage.
• Strong communication skills with a proven ability to draft clear and structured communications on complex cyber and technology risk matters for both technical and business audiences. 
• Experience in cyber and technology risk governance, system testing quality assurance, industry standards (including NIST CSF), policy formulation, incident management, assessment, and audits.
• Knowledge of IT environments and related controls from both tactical and strategic viewpoints.
• Track record in implementing changes or projects involving different stakeholders and aligning their interests.
• Relevant certifications such as CISA, CISSP, or equivalent preferred.
• General knowledge of financial markets, exchange operations, and regulatory practices highly regarded.

HKEX is committed as an Equal Opportunity Employer. Diversity is one of our core values and we look to support, respect diverse perspectives, abilities, culture and experiences within our workplace.

Location:

HKEX - Exchange Square

Shift:

Standard - 40 Hours (Hong Kong SAR)

Scheduled Weekly Hours:

40

Worker Type:

Permanent