Technology Risk Management - Group Risk Management - AVP
- Support the formulation of effective strategy, framework and structure for managing cyber and technology risk of the HKEX Group and the implementation through collaboration with relevant stakeholders.
- Support the delivery of effective governance on cyber and tech risks, covering the risk appetite, risk metrics, risk monitoring and governance reporting.
- Support the definition of policies and guidelines which incorporate all applicable legislative and regulatory requirements, industry standards and best practices, while ensuring that the policies and guidelines are effective and practicable.
- Monitor emerging cyber and technology risks, escalate to senior management and relevant stakeholders in a timely manner, and coordinate measures for addressing the risks.
- Deliver an effective independent oversight programme, covering risk assessment of technology resilience and technology operations supporting critical business processes, controls for managing major cyber and technology risks and validation against adherence to the risk appetite.
- Support the enhancement of ongoing readiness of relevant stakeholders in handling technology incidents and exercise oversight of technology incident management.
- Perform cyber and technology risk assessment over strategic projects and major technology initiatives.
- Conduct investigation into significant cyber and technology incidents or control lapses.
- Support other initiatives for facilitating 2nd Line responsibilities whenever there is a need.
- Support the maintenance of effective relationships and collaboration with regulators, law enforcement, exchange peers and industry partners.

Experience, skills and qualifications
- A self-motivated, reliable, consensus building, persuasive individual with highly effective communication skills for delivering information security/data privacy messages to a broad range of technical and non-technical audiences, including business users and up to senior executives. Proficiency in Chinese and Putonghua would be an advantage.
- University degree in business, information security, computer science or related fields of study
- At least 6-8 years of relevant experience in cyber and technology risk management, preferably in the financial services sector or in professional services for clients in the financial services industry
- Solid experience in cyber and technology risk strategy and governance, industry standards (including NIST CSF), policy formulation, cyber and technology incident management, independent cyber and technology assessment, project review, cyber and technology auditing and/or compliance
- Demonstrated good knowledge of the IT environment and of cyber and technology related controls from both a tactical and strategic viewpoint
- Proven track record in initiating and implementing significant changes or projects involving different stakeholders and aligning their interests.
- CISA, CISSP or other cyber or technology certification/accreditation required
- General knowledge of exchange business and regulatory practices is highly regarded
Applicants who do not hear from us within 6 weeks may consider their applications unsuccessful. Personal data provided will only be used for the purpose of employment application to HKEX.