Responsibilities Maintain corporate-wide technology risk management and cyber resilience policy and process in compliance with the regulator’s requirements; As a second line of defense, assist risk owners in identifying and measuring risks to build a corporate-wide cyber and technology risks profile; Assist senior management in overseeing cyber and technology risks by ensuring controls are properly designed, implemented and operated as intended, and ascertain the consistency of risk assignment; Perform thematic review over bank technology-related operation and provide advisory towards new products or services; Review residual risk level and control effectiveness to make recommendations for risk treatment; Assist team head to interpret key risk statistics for reporting to senior management on a regular basis; Assist the coordination for evaluation on emerging cyber threat scenario for continuous improvement on cyber security response preparation for Business Continuity Management (BCM); Promote security awareness and ensure compliance with applicable security standards; Keep abreast of cyber threat trends to gauge the prevailing cyber threat landscape, and make recommendations on improving the bank risk posture; Keep abreast of technological knowledge in managed area of responsibility, and provide recommendations for adaptation of new technologies and standards with reference to prevailing industry best practices; Assist senior management overseeing the technology-related incident management. Requirement: University degree preferably in information technology, information security or related discipline; Minimum 5 years of experience in information security, technology risk management or IT Audit field; Holder of cybersecurity certificates - CRISC, CISA, CISM, CISSP or other equivalent certificates is preferred; Practical experience and knowledge in risk management framework and methodology; Knowledge in control frameworks such as C-RAF, TM-E-1, TM-G-1, SA-2 and relevant circulars published by the HKMA, SWIFT Customer Security Programme, PCI DSS, etc. are preferred; Experience in working for major financial institutions; A good team player with sound interpersonal and communication skills, good command of the English language and proficiency in Mandarin. Seniority level Associate Employment type Full-time Job function Information Technology Industries Banking
#J-18808-Ljbffr