Technology Risk Manager (2nd line of defense)

Responsibilities:

• Assist to establish and review the technology risk management policy, mechanism and tools of the Group with reference to Head Office and regulatory requirements.
• Assist and monitor first line of defense in applying technology risk management tools in identifying, assessing, monitoring and controlling technology risk, and provide guidance on necessary mitigation measures.
• Assist to prepare regular management reports on technology risk status of the Group.
• Assess the adequacy and effectiveness of the controls from technology risk perspectives during due diligence of new products/ service propositions and incident handling, provide advisory and recommendation on new technology solution of IT initiatives.
• Coordinate technology risk related regulatory examinations and communication, conduct reviews to identify possible risks and provide recommendations to address the control weakness, and monitor the implementation progress of the remedial action(s).

Requirements:

• Bachelor Degree holder or above with major in Information Technology or related disciplines.
• With 5 years or above banking experience and within which at least 3 years experience or above in IT security, technology risk or IT audit field of banking industry.
• Holders of Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified Information Systems Manager (CISM) is preferred.
• Sound knowledge in HKMA requirements and industrial standards in technology risk management. 
• Be able to work independently and under pressure. Be a good team player.
• Attention to details, good analytical and interpersonal skills.
• Good communication skill (including in Cantonese, Mandarin, English). Proficiency in preparing presentation materials and reports in Chinese will be an advantage.

LI-LC1#