Head of Technology Risk Management

  • Negotiable
  • Hong Kong
  • Permanent, Full time
  • Talent Axis
  • 20 Feb 19

Our client, a well-established bank, is now seeking an experienced candidate to join their team.


•Maintains and upholds the TRM framework with reference to best practice in risk governance and management

•Maintains the technology risk register and leads risk identification, response and monitoring

•Responsible for the 2nd line of defense in technology risk related matters under the 3 tiers of risk defensive model

•Conducts technology risk assessments and advises senior management or relevant committees on the status of risk acceptance or mitigation and whether residual risk persists

•Organizes and plans the corresponding actions to align with HKMA’s Cybersecurity Fortification Initiative (CFI), such as conducting risk and maturity assessments, adopting the intelligence sharing platform, and professional development

•Ensures IT practices and controls are adequately developed to address customer data leakage risk

•Manages the performance review of IT outsourcing and service providers in relation to their technology risk compliance with regulatory requirements and the Bank’s internal policy

•Provides consultancy and advice on the adoption of emerging and disruptive technologies by new initiatives in relation to technology risk

•Organizes bank-wide awareness or education programs to promote the security culture of the Bank



•Degree holder preferably in Information Technology or Risk Management or relevant discipline

•Certified in CISSP, CISA, CISM or related professional program

•Seasoned practitioner in TRM or Audit or Information Security Management

•Minimum 12 years' working experience in audit or technology risk management or information security management

•Thorough knowledge of risk management practices in IT infrastructure, IT Application and Service Management

•Solid experience in conducting technology risk assessment

•Familiar with regulatory requirements such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, PCI-DSS, etc.

•Good understanding of industry best practices, e.g. ISO20001, COBIT, etc.