Head of Technology Risk Management

Lead (more than 10 years)

Technical Skills

  • Audit
  • Compliance
  • Information Security
  • Market Development
  • Risk Assessment
  • Risk Management

Job Description


Location: Quarry Bay

Job Purpose

  • Lead the Technology Risk Management (TRM) team to address and prevent technology-related risks in response to regulatory requirements and the latest market developments.


  • Responsible for the 2nd line of defense in technology-risk-related matters under the 3-tier risk defense model
  • Maintains and upholds the TRM framework by referring to best practice in risk governance and management
  • Drives maintenance of the technology risk register and leads risk identification, response and monitoring
  • Manages technology risk assessments and advises senior management or relevant committees on the status of risk acceptance or mitigation and whether residual risk persists
  • Organizes and plans the corresponding actions to align with HKMA’s Cybersecurity Fortification Initiative (CFI), such as conducting risk and maturity assessments, adopting the intelligence sharing platform, and professional development
  • Ensures IT practices and controls are adequately developed to address customer data leakage risk
  • Manages the performance review of IT outsourcing and service providers in relation to their technology risk compliance with regulatory requirements and the Bank’s internal policy
  • Provides consultancy and advice on technology risk for new initiatives adopting emerging and disruptive technologies
  • Organizes bank-wide awareness or education programs to promote the security culture of the Bank


  • Degree holder preferably in Information Technology or Risk Management or relevant discipline
  • Certified in CISSP, CISA, CISM or related professional program
  • Seasoned practitioner in TRM or Audit or Information Security Management
  • Minimum 12 years' working experience in audit, technology risk management or information security management
  • Thorough knowledge of risk management practices in IT infrastructure, IT application and service management
  • Solid experience in conducting technology risk assessments
  • Familiar with regulatory requirements such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, PCI-DSS, etc.
  • Good understanding of industry best practices, e.g. ISO20001, COBIT, etc.

For more details about career opportunities with the Bank, please visit our website http://www.cncbinternational.com/careers/en/index.jsp. Please apply with a full resume stating current and expected salaries by email to [email redacted, apply via Jobable]

Personal data collected will be used for recruitment related purposes only. Applicants not invited for interview within 6 weeks may consider their applications unsuccessful. However, applicants may be considered for other suitable positions within the Group for a period of not more than 2 years. Personal data will be destroyed at any time after 3 months.

China CITIC Bank International is committed to being an equal opportunities employer and intends to provide a work environment free of unlawful discrimination or harassment.  All employment decisions will be made in a non-discriminatory manner.

Employment Type: Full-time
Career Level: Lead (more than 10 years)
Education Level: Bachelor
Qualification: Certified Information Security Manager (CISM), Certified Information System Auditor (CISA)
China CITIC Bank: Financial Services, Retail and Commercial Banking

18 Tai Koo Shing Rd Quarry Bay

6 mins walk from Tai Koo Station