Assist Group COO and Group Head of ITD in maintaining/exercising oversight functions on key risks, controls and enhancement initiatives, to ensure proper governance and control are in place and in line with the control strategy and objectives set out by the ITD; Play an active role in identifying compliance and internal control issues within the ITD; Conduct and Review control self-assessment on governance, risk management and compliance to identify, assess, monitor and mitigate risks, and ensure associated controls within the Division are in place and sufficiently robust; Closely work with business and operation units in conducting periodic assurance checks or quality assurance reviews on control activities over ITD; Conduct end-to-end process review for control enhancements and perform oversight of the implementation of remedial actions; Act as a gatekeeper to exercise oversight on new business initiatives, products, activities, processes and systems (e.g. new product approval activities and major process revisions) and the implementation of mitigation measures in accordance with risk management and compliance framework; Cooperate with second-line risk and control units (i.e. AFD, GCD and ORD) to implement compliance, risk and control enhancements; Ensure ITD controls align with the Technology Risk Appetite Statement and internal control requirements; Implement adequate control measures, and ensure key control measures are carried out and comply with relevant policies and regulatory requirements, and mitigate emerging risks; Conduct risk monitoring duties and escalate incidents and risk events to risk management/compliance units and senior management in a timely manner, and monitor the issue resolution to ensure timely actions are taken; Implement and maintain risk and control tools to analyze and mitigate the risk and control issues within ITD; Report any events and observations over internal controls, risk and compliance issues within ITD to risk and control units, and provide updates to the Operational Risk & Internal Control Committee regarding the risk and control environment within the ITD; Promote a positive control culture and awareness within ITD. Minimum Requirements: At least 20 years of relevant experience in the banking IT field; with over 10 years in control implementation of the information technology area and 10 years or above in a managerial role; University graduate in Computer Science / Information Technology or equivalent; One or more certificates listed below:- ISC2 Certified Information Security Professional (CISSP)- ISACA Certified Information System Auditor (CISA)- ISACA Certified Information Security Manager (CISM)- ISC2 Certified Cloud Security Professional (CCSP)Solid experience in regulators’ requirements on technology risk management including the Supervisory Policy Manual of HKMA, Personal Data Privacy Ordinance, PCI Data Security Standard, SFC guidelines and Customer Security Controls Framework of SWIFT; Professional qualification such as Certified Banker (CB), or ECF on Cybersecurity is preferred; Strong communication skills, both in Chinese and English; Able to drive changes with strong execution ability; Mature and able to work independently under pressure. Please note that only shortlisted candidates will be notified.
#J-18808-Ljbffr
Advertisement:
International Executive Service Corps | Head Of It Risk Control
Free
International Executive Service Corps | Head Of It Risk Control
Hong Kong, Hong Kong,
Modified January 10, 2025
Description
Job details:
⇐ Previous job |
Next job ⇒ |