Our client is an international securities firm based in Shanghai. They are currently looking for an IT Risk Manager who is familiar with local regulatory requirements.
This Position's Responsibilities Include
- Oversee key aspects of technology risk management activities as an independent risk advisor by enforcing the Firmwide IT Risk Management Framework (ITRMF) and Legal Entity (LE) specific regulatory requirements
- Monitor and act in an independent advisory role to assist the CIO with responses to regulatory inquiries/inspections/audits
- Work on supporting global technology risk assessment programs and help define local requirements
- Jointly work with functional risk officers on assessment of IT risk exposures, conducting self-assessment and data analysis to help identify technology-related risks and exceptions, and subsequently monitoring, tracking, and managing them. Areas and examples for these analyses include vendor and supplier-related risks, stability and incidents, etc.
- Support the implementation and maintenance of technology policies and standards. Enforce compliance with the Firm-standard technology risk posture.
- Represent technology risk at the local industry-wide technology risk forums.
- Provide technology risk updates to the CIO and serve as secretary to the tech risk governance committee.
Skills / Experience Required
- Strong understanding of financial industry businesses, technology risk concepts, and the China regulatory environment, and/or experience as a technology auditor.
- Working experience with risk assessment methodologies, internal controls, and industry technology risk management frameworks such as ITIL, COBIT, and ISO 27001
- Outstanding communication and interpersonal skills. Ability to work effectively with all levels of the organization. Excellent influencing and negotiation skills
- Ability to draft high quality written products that are comprehensive, accurate, and tailored to the audience
- Strong organizational skills and an ability to manage multiple demands and changing priorities. Detail-oriented.
- A proven track record in global and cross-team projects. Strong project management skills
- Strong analytical skills required to enable independent research and accurate assessments of risk management process effectiveness and adherence to regulatory requirements.
- Willingness to travel domestically and occasionally internationally
- 8-12 years of relevant Technology Risk, IT Security, and Information Security experience
- Industry certifications such as CISA, CISSP, CISM, CRISC