- Crisis Management
- Disaster Recovery Planning
- External Audit
- Impact Analysis
- Information Security
- IT Security
- Risk Assessment
- Risk Management
Senior Manager, Technology Risk Management
Location: Hong Kong, HK
Working in conjunction with other professional colleagues and specialists, the Technology Risk Manager is responsible for the development and implementation of technology risk management governance programmes in alignment with the AIA Group’s strategic technology risk direction.
He/she is also responsible for technology disaster recovery planning and the coordination of periodic drill exercises.
Roles and Responsibilities
Technology Risk Management
- Provide oversight on the enforcement of the notices and guidelines on Technology Risk issued by the Securities & Futures Commission (“SFC”), respond to its enquiries, and coordinate compliance exercises, assessments and reviews.
- Review policies and procedures adopted from the AIA Group to manage cybersecurity threats, IT protocols, application management practices and supervision, and ensure that they are compliant with regulatory requirements.
- Collect and validate data that measure technology key risk indicators to monitor and communicate their status and initiate corrective actions, to ensure IT systems and services are operating securely.
- Manage and communicate with group offices, business partners, IT vendors and external parties on IT security matters.
Daily operation - Technology Governance & Control
- Led by the AIA Group’s Technology Risk team, develop and manage the technical risk portfolio and governance model, and support the roll-out of initiatives and projects.
- Identify cybersecurity risk and critically assess potential implications and major areas of vulnerability in IT systems by arranging regular security assessments, vulnerability scanning and penetration tests.
- Support the security operating centre to monitor and report suspicious activities and manage security incident response and investigation.
- Support regular internal/external audits and track the remediation status of identified gaps and issues.
- Develop and implement training plans to uplift users’ technology risk awareness and cyber-safe business processes across the organisation.
- Develop a technical risk awareness programme to promote a risk-aware culture so that business users understand the IT risks they are facing.
- Perform security assessments of external IT service providers to ensure appropriate security measures are in place.
Technology Disaster Recovery Planning
- Conduct technology impact analysis and continuity risk assessments of critical technology assets.
- Manage the design, implementation and communication of technology disaster recovery plans and crisis management, and coordinate periodic drill exercises.
- Degree holder in Computer Science, Information Systems, or related discipline.
- Minimum of 10 years of relevant and solid experience in technology risk management and control, gained from sizable multi-national banks and insurance companies, including at least 2 years of technology experience and knowledge to support recovery strategy design and testing.
- Solid experience in handling technology audits and cybersecurity assessments against information security frameworks or standards, such as ISO 27001, PCI-DSS, etc.
- Familiar with relevant technology control requirements from the regulatory bodies of Hong Kong, such as the Securities & Futures Commission (“SFC”).
- Excellent communication skills (written and oral) and a highly effective facilitator of cross-functional teams.
- Excellent leadership and management skills and proven ability to build, manage and foster a team-oriented environment.
- Confident and trustworthy; keen to earn the respect and trust of, and inspire, others. Independent and strong self-initiative to work creatively and analytically in a problem-solving environment.
We offer an attractive remuneration package to the successful candidate. Please submit your application by clicking “Apply Now” for our processing.
All personal information provided by applicants will be treated in strict confidence and used solely for recruitment purposes. The personal information will be used strictly in accordance with AIA’s personal data policies, a copy of which will be provided upon request. It is possible that information about the applicant or the applicant’s application will be shared with AIA and its related companies. AIA will retain all applications for a period of up to 24 months, after which the documents will be destroyed.
| Career Level | Lead (more than 10 years) |
| Qualification | AIA Professional Accountancy Qualification |