Vice President - Group Risk Management (Group Cyber & Technology Risk)
- Formulate effective strategy, framework and structure for managing cyber and technology risk of the HKEX Group and lead the implementation through collaboration with relevant stakeholders.
- Deliver effective governance on cyber and tech risks, covering the risk appetite, risk metrics, risk monitoring and governance reporting.
- Define policies and guidelines which incorporate all applicable legislative and regulatory requirements, industry standards and best practices, while ensuring that the policies and guidelines are effective and practicable.
- Monitor emerging cyber and technology risks, escalate to senior management and relevant stakeholders in a timely manner, and coordinate measures for addressing the risks.
- Formulate and deliver an effective independent oversight programme, covering risk assessment of technology resilience and technology operations supporting critical business processes, controls for managing major cyber and technology risks and validation against adherence to the risk appetite.
- Enhance ongoing readiness of relevant stakeholders in handling technology incidents and exercise oversight of technology incident management.
- Perform cyber and technology risk assessment over strategic projects and major technology initiatives.
- Conduct investigation into significant cyber and technology incidents or control lapses.
- Propose, drive and coordinate other initiatives for facilitating 2nd Line responsibilities whenever there is a need.
- Foster and maintain effective relationships and collaboration with regulators, law enforcement, exchange peers and industry partners.
- A self-motivated, reliable, consensus-building, persuasive individual with highly effective communication skills for delivering cyber and technology risk messages in English to a broad range of technical and non-technical audiences, including business users and up to the board and executive committee levels. Proficiency in Chinese and Putonghua would be an advantage.
- University degree in information security, computer science, or related fields of study
- At least 10 years of relevant experience in cyber and technology risk management, preferably in the financial services sector or in professional services for clients in the financial services industry
- Solid experience in cyber and technology risk strategy and governance, industry standards (including NIST CSF), policy formulation, cyber and technology incident management, independent cyber and technology assessment, project review, cyber and technology auditing and/or compliance
- Demonstrated good knowledge of the IT environment and of cyber and technology-related controls from both a tactical and a strategic viewpoint
- Proven track record in initiating and implementing significant changes or projects involving different stakeholders and aligning their interests.
- CISA, CISSP or other cyber or technology certification/accreditation required
- General knowledge of exchange business and regulatory practices is highly regarded
Applicants who do not hear from us within 6 weeks may consider their applications unsuccessful. Personal data provided will only be used for the purpose of employment application to HKEX.