The Information Technology Risk Management (ITRM) team is part of BOC's Operational Risk Management department. This group, acting as an independent second line of defense, works with business units and corporate functions to manage and measure operational risk (including IT risks) via a Three Lines of Defense Model, based on the Heightened Standards and the Bank's Risk Governance Framework. The role supports the Bank's ITRM policies, programs and processes and is accountable for advancing and delivering the ITRM program. The candidate will drive key initiatives, execute risk-based controls and practices, and deliver relevant outcomes necessary for the implementation of the ITRM program.
Supporting IT Risk Management Program:
Assist and advance the design, delivery, and maintenance of the ITRM Program, including: taxonomy, risk appetite and risk tolerance, risk framework and methodology, the ITRM program documentation, supporting controls library, metrics, risk analysis and reporting techniques, templates, and stakeholder training content.
IT Risk Analysis and Reporting:
Assist in risk assessment activities for programs of ORD, including the IT Asset Management, BCP, and Third Party Risk Management programs, new products, and various types of IT-related risk assessments and review/reporting.
Supporting Risk Remediation Process:
Evaluate and propose solutions to mitigate identified risks, assist stakeholders with remediation planning, and assist in verification to ensure identified gaps are appropriately managed and remediated in a timely manner that meets compliance requirements.
Special Project Assignment:
Participate in special projects/tasks assigned by supervisor and/or department head.
BSA/AML, Compliance, and Talent Management:
Keep abreast of BSA/AML and other regulatory updates by attending compliance trainings and seminars and subscribing to industry news.
Monitor BSA/AML updates and notify FLUs and IRMs of any potential impact.
Bachelor's Degree required
3 years of relevant professional experience strongly preferred
General knowledge of the financial/banking industry and risk governance frameworks; ISO, ITIL or COBIT
Familiarity with FFIEC IT Management Guidelines, IT infrastructure risk and security
Proficiency in Mandarin Chinese is a Plus
IT/Risk Management Professional certification is a Plus.