Technology Risk Manager / Associate (Information Technology)
- Hong Kong
- Permanent, Full time
- BOC International
- 16 Jan 17
As a leading investment bank in the China and Hong Kong region and the investment banking arm of Bank of China, BOC International Holdings Limited (“BOCI”) is now seeking a highly motivated, creative and success-oriented professional who would like to pursue a career supporting our capital market business.
- Provide IT risk & compliance consultancy to IT Division on technology risk management framework, IT policy and procedure, regulatory requirements and industry best practice around IT risk and regulatory compliance;
- Develop and maintain a fit and proper technology risk management framework for the company;
- Perform risk & control assessments on IT processes to articulate and explain the risk to management as well as propose mitigating controls to reduce the risk;
- Perform IT regulatory compliance assessment & reporting, work closely with Legal & Compliance Division on responding to circulars & notices that affect ITD;
- Monitor the IT incident management process to ensure that IT incidents are managed according to the IT incident management policy;
- Develop & maintain an IT risk register to record and manage IT risk according to the technology risk management framework;
- Report Operational Risk Events according to the requirements from Operational Risk Management;
- Develop and maintain Key Risk Indicators information;
- Drive risk remediation programs for mitigating key risk areas around IT risk and regulatory compliance;
- Coordinate internal/external audit & regulatory inspection for ITD, work closely with the relevant IT team on preparing the requested information.
- At least 7 years of relevant experience for Manager or 3 years for Associate in technology risk, information security, regulatory compliance, risk & control and/or operational risk management from the banking and finance industry
- Knowledge of IT risk & compliance principles and best practices, practical experience in conducting risk & control assessments
- Sound knowledge across different domains including risk & control, information security, operational risk management
- Experience in performing IT regulatory compliance assessment & reporting
- Familiar with the regulatory environment of the banking and finance industry including the requirements from HKMA and SFC
- Strong communication and interpersonal skills and the ability to work with stakeholders at all levels
- Strong business knowledge of investment banking, securities brokerage and private banking business
- Certification or passed examination in IT audit or information security (e.g. CISA, CISM, CISSP)
- Degree holder majoring in Computer Science or Business Management, or a related field
- Prior experience gained as an auditor is desirable
Please apply in strict confidence with full resume, academic record, current and expected salaries.
Please quote the applied position & reference number in the subject.
(The personal data provided will be used for consideration of recruitment only. All personal data of unsuccessful candidates will be destroyed within six months.)