Maintains and upholds the TRM framework by referring to the best practice of risk governance and management
Drives to maintain the technology risk register, leads to do risk identification, response and monitoring
Responsible for the 2nd line of defense in technology risk related matters under 3 tiers of risk defensive model
Manages to conduct technology risk assessment and recommends to senior management or relevant committees the status of risk acceptance or mitigation and whether residual risk persists
Organizes and plans the corresponding actions to align with HKMA's Cybersecurity Fortification Initiative (CFI), such as conducting risk and maturity assessment; adoption of intelligence sharing platform; and professional development
Ensures IT practices and controls are adequately developed to address customer data leakage risk
Manages the performance review of IT outsourcing and service providers in relation to their technology risk compliance with regulatory requirement and Bank's internal policy
Provides consultancy and advice to the adoption of emerging and disrupting technologies by new initiatives in relation to technology risk
Organizes bank-wide awareness or education program to promote the security cultures of the Bank
Degree holder preferably in Information Technology or Risk Management or relevant discipline
Certified in CISSP, CISA, CISM or related professional program
Seasoned practitioner in TRM or Audit or Information Security Management
Minimum 12 years working experience in audit or technology risk management or information security management.
Thorough knowledge of risk management practices in IT infrastructure, IT Application and Service Management
Solid experience in conducting technology risk assessment
Familiar to regulatory requirements such as HKMA(TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, PCI-DSS etc.
Good understanding of industry best practices e.g. ISO20001, COBIT, etc
Internal Number: 5242547
About Talent Axis
eFinancialCareers is a career site specializing in financial services.