Senior Manager, Technology Risk
Hong Kong, HK
Job Roles:
• Design, develop and update technology risk related policies, standards and guidelines.
• Perform risk assessments on IT projects, including but not limited to enhancements and/or new adoption of technologies across information security, infrastructure and application systems.
• Assess and manage cyber security risks, including but not limited to governance, identification, protection, detection, response and recovery, to increase cyber resilience and overall system stability.
• Provide day-to-day technology risk advisory to all IT departments and technology risk management support to the subsidiaries in Macau and China.
• Coordinate IT and technology risk related responses across the organization for regulatory inspections, 2LOD risk review, internal and external audits, and perform gap analysis against new or updated regulatory requirements.
• Assist in performing day-to-day risk monitoring, reporting risks to the responsible management, and ensuring that residual risks are being managed.
• Apply processes to ensure that IT operational and control risks are at an acceptable level within the risk thresholds of the bank, by evaluating the adequacy of risk management controls.
• Assist in communicating the risk management standards, policies and procedures to stakeholders.
• Assist in defining an appropriate framework for technology risk and/or cybersecurity monitoring (including monitoring requirements, indicators, datasets, collection and analytical methods).
• Assist in promoting risk awareness and culture within the Division.
• Carry out ad-hoc tasks as required by management.
Skills and experience:
• At least 10 years of technology risk experience, preferably in the banking industry
• Solid knowledge of technology risk regulatory requirements in Hong Kong, Macau and China
• Good understanding of IT systems, emerging technologies, and infrastructure along with the relevant controls required to mitigate risks
• Relevant knowledge and proven experience in IT risk assessment, cybersecurity, access control principles and operation, and application security
• Excellent written and verbal communication skills including ability to communicate clearly and concisely to various levels
• Ability to communicate and understand Chinese as the regulatory requirements are written in the local language
• Ability to adapt to a fast-moving IT landscape and keep pace with new technologies
• Analytical mindset and meticulous about deliverables
• Bachelor's degree in Computer Science, Information Technology, Information Systems Management or related discipline
• Holder of CISSP, CISM, CISA or equivalent is a must
• Dedication to fostering an inclusive culture and valuing diverse perspectives
• Candidates with less experience will be considered for a Manager position
Tags: Application security Audits Banking CISA CISM CISSP Computer Science Governance Monitoring Risk assessment Risk management