Tier 1 Investment Bank - Technology Risk Senior Manager

Titolo: Tier 1 Investment Bank - Technology Risk Senior Manager
Tipologia di contratto: Permanent
Luogo: Hong Kong, Hong Kong
Stipendio: Bonus
Arbitro: 16112018_1542595832
Nome del contatto: Rita Yu
Contatto email:
Lavoro pubblicato: mesi 6 fa

Descrizione del lavoro

Tier 1 Investment Bank - Technology Risk Senior Manager

Job Purpose

The candidate will be responsible for execution of risk processes and assessments to fulfil Technology Risk Management (TRM) objectives as well as regulatory requirements.

Great Exposure

  • Oversight the US, Singapore, China, Macau and Hong Kong Business to support the Business Units, IT department and the regulatory bodies occasionally.
  • Opportunities to meet with different industries professionals through networking events, Chamber of Commerce
  • Work life balance working environment

Job Responsibilities

  • Support execution of TRM framework by reviewing the adequacy of the implemented controls
  • Conduct technology risk assessment and advise management on the status of risk acceptance or mitigation when residual risk persists
  • Perform the vulnerability scanning and penetration testing if necessary
  • Conduct Cybersecurity risk and maturity assessment in accordance to the HKMA's requirement
  • Keep track of Cyber risk intelligence from regulatory initiated platform and industry alliances, and advise the corresponding preventive actions
  • Provide consultancy and advice to the adoption of emerging and disrupting technologies by new initiatives in relation to technology risk
  • Identify, response and monitor the technology risk
  • Prepare the bank-wide awareness or education program to promote the security cultures of the Bank
  • Maintain the TRM framework by referring to the best practice of risk governance and management


  • Degree holder preferably in IT or relevant discipline
  • Minimum 5 years' related experience in IT related functions including at least 3 years in Audit, TRM or Information Security Management
  • Obtained Core/Professional level qualification of Relevant Practitioner under the HKMA ECF on Cybersecurity
  • Certified in CISSP, CISA, CISM or other recognized certificate is a must
  • Holder of ethical hacking certification (e.g. CEH) would be an added advantage
  • Sound knowledge in cryptographic techniques, firewall/network, DLP, APT, DDoS and vulnerability management
  • Familiar with regulatory requirements such as HKMA SPM, C-RAF, iCAST, MAS and PCI-DSS
  • Good understanding of industry best practices e.g. ISO27001 and COBIT
  • Good command of spoken and written English and Chinese (including Putonghua)