Head of Technology Risk Management
Location: Quarry Bay
- Lead the Technology Risk Management (TRM) team to address and prevent technology-related risks in response to regulatory requirements and the latest market developments.
- Responsible for the 2nd line of defense in technology-risk-related matters under the 3-tier risk defensive model
- Maintains and upholds the TRM framework by referring to the best practice of risk governance and management
- Drives maintenance of the technology risk register and leads risk identification, response and monitoring
- Manages technology risk assessments and makes recommendations to senior management or relevant committees on the status of risk acceptance or mitigation and on whether residual risk persists
- Organizes and plans the corresponding actions to align with HKMA’s Cybersecurity Fortification Initiative (CFI), such as conducting risk and maturity assessments, adopting the intelligence sharing platform, and professional development
- Ensures IT practices and controls are adequately developed to address customer data leakage risk
- Manages the performance review of IT outsourcing and service providers in relation to their technology risk compliance with regulatory requirements and the Bank’s internal policy
- Provides consultancy and advice on technology risk for new initiatives adopting emerging and disruptive technologies
- Organizes bank-wide awareness or education programs to promote the security culture of the Bank
- Degree holder, preferably in Information Technology, Risk Management or a relevant discipline
- Certified in CISSP, CISA, CISM or a related professional program
- Seasoned practitioner in TRM, Audit or Information Security Management
- Minimum 12 years' working experience in audit, technology risk management or information security management.
- Thorough knowledge of risk management practices in IT infrastructure, IT Application and Service Management
- Solid experience in conducting technology risk assessment
- Familiar with regulatory requirements such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, PCI-DSS, etc.
- Good understanding of industry best practices, e.g. ISO20001, COBIT, etc.
For more details about career opportunities with the Bank, please visit our website http://www.cncbinternational.com/careers/en/index.jsp. Please apply with a full resume stating current and expected salaries by email to [email redacted, apply via Jobable]
Personal data collected will be used for recruitment related purposes only. Applicants not invited for interview within 6 weeks may consider their applications unsuccessful. However, applicants may be considered for other suitable positions within the Group for a period of not more than 2 years. Personal data will be destroyed at any time after 3 months.
China CITIC Bank International is committed to being an equal opportunities employer and intends to provide a work environment free of unlawful discrimination or harassment. All employment decisions will be made in a non-discriminatory manner.
- Certified Information Security Manager (CISM)
- Certified Information System Auditor (CISA)
- Information Security
- Market Development
- Risk Assessment
- Risk Management