Job Description
49 days ago
JOB REFERENCE
BOCI00320
CONTRACT TYPE
Permanent
DIVISION
Information Technology
JOB FUNCTION
Others
The Role
AVP/ VP, Technology Risk Management, Information Technology
Key Accountabilities
• Provide IT Risk & Security consultancy to the IT Division on technology risk management framework, IT policy and procedure, regulatory requirements and industry best practice around IT risk, IT security and regulatory compliance;
• Develop and maintain a fit and proper technology risk management and IT security framework for the company;
• Perform risk & control assessments on IT processes to articulate and explain the risk to management as well as propose mitigating controls to reduce the risk;
• Define IT security control requirements & policy;
• Oversee threat & vulnerability management to ensure that high-risk threats & vulnerabilities are properly addressed by relevant parties;
• Promote IT security awareness across the company;
• Assist in the investigation of IT security incidents;
• Formulate IT risk and security requirements for 3rd party service providers and overseas offices from a governance perspective to assure that IT risk and security requirements are being managed;
• Perform and manage the Operational Risk Event Reporting according to the requirements from Operational Risk Management;
• Maintain the IT risk register to record all potential IT risks identified and manage all identified risks according to the technology risk management framework;
• Develop and maintain Key Risk Indicators and security metrics for continuous monitoring of the company’s IT risk and security posture;
• Perform IT regulatory compliance assessment & reporting, work closely with Legal & Compliance Division on responding to circulars & notices that affect the IT Division;
• Coordinate all internal/external IT audit & regulatory inspection;
• Assist the team head and provide support on other service areas across the function covering Technology Risk Management and Business Continuity Management.
Skills & Experience
• Extensive knowledge of IT risk and security principles and best practices, with practical experience in IT security and in conducting IT security risk assessments
• Sound knowledge across different domains including information security, cyber security, risk & control, operational risk management
• Experience in performing IT regulatory compliance assessment & reporting
• Familiar with the regulatory environment of the banking and finance industry including the requirements from HKMA and SFC
• Strong communication and interpersonal skills and the ability to work with stakeholders at all levels
• Strong business knowledge on investment banking, securities brokerage and private banking business
• Degree holder majoring in Computer Science or a related field
• At least 8 years of experience in multiple areas including technology risk, information security, cyber security, regulatory compliance, risk & control and/or operational risk management from the banking and finance industry
• Certification in information security, IT audit, and/or business continuity (e.g. CISA, CISM, CISSP or DRII/BCI)
• Prior experience gained as an auditor is desirable
Other Information
Notes to applicants:
• Please apply in strict confidence with full resume, academic record, current and expected salaries.
• The personal data provided will be used for consideration of recruitment only. All personal data of unsuccessful candidates will be destroyed within 24 months.
• Candidates with Enhanced Competency Framework (ECF): please state on the CV.
About BOCI
As a leading investment bank in the China and Hong Kong region, BOC International Holdings Limited (“BOCI”), the investment banking arm of Bank of China, is now seeking highly motivated, creative and success-oriented professionals who would like to pursue a career supporting our group.