Technology Risk Manager

  • Negotiable
  • Hong Kong
  • Permanent, Full time
  • BOC International
  • 20 Sep 17

As a leading investment bank in the China and Hong Kong region and the investment banking arm of Bank of China, BOC International Holdings Limited (“BOCI”) is now seeking a highly motivated, creative and success-oriented professional who would like to pursue a career supporting our capital market business.

Responsibilities:

  • Provide IT Risk & Security consultancy to the IT Division on technology risk management framework, IT policy and procedure, regulatory requirements and industry best practice around IT risk, IT security and regulatory compliance;
  • Develop and maintain a fit and proper technology risk management and IT security framework for the company;
  • Perform risk & control assessments on IT processes to articulate and explain the risk to management as well as propose mitigating controls to reduce the risk;
  • Define IT security control requirements & policy;
  • Oversee threat & vulnerability management to ensure that high-risk threats & vulnerabilities are properly addressed by relevant parties;
  • Promote IT security awareness across the company;
  • Assist in the investigation of IT security incidents;
  • Formulate IT risk and security requirements for 3rd party service providers and overseas offices from a governance perspective to assure that IT risk and security requirements are being managed;
  • Perform and manage the Operational Risk Event Reporting according to the requirements from Operational Risk Management;
  • Maintain the IT risk register to record all potential IT risks identified and manage all identified risks according to the technology risk management framework;
  • Develop and maintain Key Risk Indicators and security metrics for continuous monitoring of the company’s IT risk and security posture;
  • Perform IT regulatory compliance assessment & reporting, work closely with Legal & Compliance Division on responding to circulars & notices that affect the IT Division;
  • Coordinate all internal/external IT audits & regulatory inspections;
  • Assist the team head and provide support on other service areas across the function covering Technology Risk Management and Business Continuity Management

Requirements:

  • Degree holder majoring in Computer Science or a related field
  • At least 8 years of experience in multiple areas including technology risk, information security, cyber security, regulatory compliance, risk & control and/or operational risk management from the banking and finance industry
  • Certification in information security, IT audit, and/or business continuity (e.g. CISA, CISM, CISSP or DRII/BCI)
  • Prior experience gained as an auditor is desirable
  • Extensive knowledge of IT risk and security principles and best practices, and practical experience in IT security and in conducting IT security risk assessments
  • Sound knowledge across different domains including information security, cyber security, risk & control, operational risk management
  • Experience in performing IT regulatory compliance assessment & reporting
  • Familiar with the regulatory environment of the banking and finance industry including the requirements from HKMA and SFC
  • Strong communication and interpersonal skills and the ability to work with stakeholders at all levels
  • Strong business knowledge on investment banking, securities brokerage and private banking business

Please apply in strict confidence with full resume, academic record, current and expected salaries.
(The personal data provided will be used for consideration of recruitment only. All personal data of unsuccessful candidates will be destroyed within six months.)