Head of Technology Risk Management

Lead (more than 10 years)

Technical Skills

  • Audit
  • Compliance
  • Information Security
  • Market Development
  • Risk Assessment
  • Risk Management

Job Description

Head of Technology Risk Management

Location: Quarry Bay

Job Purpose

  • Lead the Technology Risk Management (TRM) team to address and prevent technology-related risks in response to regulatory requirements and the latest market developments.


  • Responsible for the 2nd line of defense in technology risk related matters under the 3-tier risk defense model
  • Maintains and upholds the TRM framework by referring to the best practice of risk governance and management
  • Drives maintenance of the technology risk register and leads risk identification, response and monitoring
  • Manages technology risk assessments and advises senior management or relevant committees on the status of risk acceptance or mitigation and whether residual risk persists
  • Organizes and plans the corresponding actions to align with HKMA’s Cybersecurity Fortification Initiative (CFI), such as conducting risk and maturity assessments, adopting an intelligence sharing platform, and professional development
  • Ensures IT practices and controls are adequately developed to address customer data leakage risk
  • Manages the performance review of IT outsourcing and service providers in relation to their technology risk compliance with regulatory requirements and the Bank’s internal policy
  • Provides consultancy and advice on technology risk when new initiatives adopt emerging and disruptive technologies
  • Organizes bank-wide awareness or education programs to promote the security culture of the Bank


  • Degree holder preferably in Information Technology or Risk Management or relevant discipline
  • Certified in CISSP, CISA, CISM or related professional program
  • Seasoned practitioner in TRM or Audit or Information Security Management
  • Minimum 12 years working experience in audit or technology risk management or information security management.
  • Thorough knowledge of risk management practices in IT infrastructure, IT Application and Service Management
  • Solid experience in conducting technology risk assessment
  • Familiar with regulatory requirements such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, PCI-DSS, etc.
  • Good understanding of industry best practices, e.g. ISO20001, COBIT, etc.

For more details about career opportunities with the Bank, please visit our website http://www.cncbinternational.com/careers/en/index.jsp. Please apply with a full resume stating current and expected salaries by email to [email redacted, apply via Jobable]

Personal data collected will be used for recruitment related purposes only. Applicants not invited for interview within 6 weeks may consider their applications unsuccessful. However, applicants may be considered for other suitable positions within the Group for a period of not more than 2 years. Personal data will be destroyed at any time after 3 months.

China CITIC Bank International is committed to being an equal opportunities employer and intends to provide a work environment free of unlawful discrimination or harassment.  All employment decisions will be made in a non-discriminatory manner.

Employment Type: Full-time
Career Level: Lead (more than 10 years)
Education Level: Bachelor
Qualification: Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)

18 Tai Koo Shing Rd Quarry Bay

6 mins walk from Tai Koo Station