Technology Risk Management Professional - Hong Kong, 香港 - China Construction Bank (Asia) Corporation Limited

描述

Job Descriptions

• Manage Technology Risk Management processes to identify emerging or existing technology-related risks, measure impact, likelihood and direction of technology-related risks.
• Establish and review technology risk management policy, mechanism and tools of the Bank with reference to Head Office and regulatory requirements.
• Monitor first line of defense in applying technology risk management tools in identifying, assessing, monitoring and controlling technology risk, and provide appropriate opinion and guidance on necessary mitigation measures and remediation.
• Closely monitor any technology-related issues or incidents and control the risks through preventive, compensating and contingency measures.
• Assess the adequacy and effectiveness of the controls from technology risk perspectives during due diligence of new products/ service propositions and incident handling, provide advisory and recommendation on new technology solution of IT initiatives.
• Coordinate technology risk related regulatory examinations and communication, conduct reviews to identify possible risks and provide recommendations to address the control weakness, and monitor the implementation progress of the remedial action(s).
• Oversight and challenge the IT security functions to ensure strict adherence to the corporate standards and regulatory requirements, and conduct regular technology risk profile review.
• Prepare regular management reports on technology risk profile of the bank.

Requirements

1. Bachelor Degree holder or above with major in Information Technology or related disciplines
2. With 8 years or above banking experience and within which at least 6 year experience or above in IT security, technology risk or IT audit field of banking / financial industry
3. Strong understanding of Technology Risk Management and functions of Second Line of Defense, broad knowledge of regulatory requirements, technology risk relevant controls and information security best practices.
4. Customer-oriented with strong leadership, communication, interpersonal and negotiation skills.
5. Holder of CISSP / CISA / CISM / CRISC certification is preferred.
6. Attention to details, good analytical and interpersonal skills.
7. Good communication skill (including in Cantonese, Mandarin, English). Proficiency in preparing presentation materials and reports in Chinese will be an advantage.
8. Appropriate candidate with less experience could be considered as VP level.
9. Be able to work independently and under pressure. Be a good team player.