Technology Risk Management - Manager (Information Security II)
Roles and Responsibilities:
- Formulate and manage information security policies, standards and procedures.
- Plan and conduct information security assessment and IT risk evaluation in area covering IT general controls, information asset management, access controls and endpoint security review. Support the implementation of security initiatives to ensure the compliance with corporate information security policies and compliance standards .
- Act as a subject matter expert to assist business units and cross-functional teams in identifying and mitigating information security risks.
- Communicate to business units and cross-functional teams regarding information security risk issues and/or control gaps, and recommends remediation initiatives.
- Create and manage information security awareness training programs for all employees, contractors and approved system users.
- Stay informed about latest developments in information security field.
- Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline 。
- Over 3 years of experience in IT security, technology risk, risk management, system development management, compliance or IT audit function, gained from other sizable financial institutions.
- Demonstrated experience working with the regulators and external auditor .
- Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CRISC is preferable.
- Good command of written and spoken English and Mandarin is preferable.
- Good communication and interpersonal skills.