Regional Technology Risk Manager (Based in HK)

Rabobank Hong Kong
in Hong Kong, Hong Kong, Hong Kong
Permanent, Full time
Last application, 10 Feb 20
The successful candidate will be part of the Risk Management Team, assisting the CROs in the Asia region and the Regional Head of Operational Risk Asia in the design, implementation, monitoring and application of an effective risk framework for technology-related risks. This covers the spectrum of IT Disaster Recovery Planning, IT infrastructure, IT Systems and IT Security within the Asia region.

Key responsibilities of this role will include, but are not limited to, the following:

Risk Governance
• Design, maintain and implement the regional and local IT risk management framework for the Asia region, including control tools & measures. 
• Develop, maintain and implement a compliance framework for all applicable Asia regulatory requirements.
• Ensure essential IT risk policies and regulations are maintained/updated and are communicated and disseminated to the staff of Rabobank Asia Branches on a timely basis.
• Perform oversight on the update of Global, Regional Asia and Local IT policies and procedures.
• Review the Asia Technology Risk Committee Charter and provide advice to locations in the Asia region.
Risk Identification
• Develop and maintain a system to promote the identification of IT-related risks, including incident reporting.
• Develop and maintain an updated understanding of the IT regulatory requirements and obligations in the Asia region and monitor the level of compliance to these requirements.
Risk Assessment
• Review risk acceptances and risk treatment plans submitted by business and IT to form an independent opinion on the risks posed to the different parties.
• Review and challenge the figures and information reported in the IT risk dashboard submitted by IT for completeness and accuracy.
Risk Treatment
• Advise business and system owners on risk treatment approaches.
• Facilitate the IT risk and control self-assessment by the relevant IT departments, in order to assess the effectiveness of the control measures and identify new risks.
• Encourage timely identification and reporting of significant risks and losses.
• Analyse the IT loss incidents reported and advise on remediation.
Risk Monitoring
• Maintain regional and local IT risk dashboards that highlight key IT risks and the changes in the level of the residual risks.
• Monitor the status of IT risk acceptances and follow up with the relevant risk owners on pending/overdue items and the status of the action plans.
• Maintain an IT risk register that documents IT risks and the implemented controls/actions taken or actions underway to reduce the risks.
Risk Reporting
• Prepare management reports to senior management for decision making from a tactical and strategic risk perspective.
• Prepare the monthly IT Risk Dashboard for submission to the relevant Risk Committees and/or Technology Risk Committees. The report should cover key IT risks (loss/incidents), identifying trends and movements from previous months.

Key Requirements:
• A relevant tertiary qualification
• 3+ years of experience in Technology Risk Management
• 8+ years in IT / IT Security / IT Audit
• Relevant professional certification is preferred (e.g. CSX, CISA, CISM, CRISC, CGEIT, CISSP, CCSP)

Job Skills & Knowledge:
1. Influencing Skills:
• People management skills
• Ability to influence outcomes with business and technical teams based on experience in risk analysis, compliance, business banking processes and systems implementation in the Finance or Banking space
• Ability to communicate up, down and across hierarchy by providing solid understanding of how IT risks translate to business risks plus a good understanding of banking business models
2. Interpersonal Skills:
• Must have excellent written and oral communication skills
• Initiative and self-motivation
• Ability to work under pressure and manage multiple tasks
• Excellent problem solving/analytical skills
• Ability to communicate effectively with Senior Management and convey risk issues and implications for complex technical solutions
• Ability to build and maintain relationships at all levels plus engagement with stakeholders
• Ability to serve as a bridging function between the 1st and 2nd Lines of Defence, to promote cooperation, trust and communication
3. Technical and Specialist Skills:
• Strong knowledge of IT infrastructure components including software (Operating System, Application and Database), hardware (Server, Firewall, Switch and Router) and IT Security components
• Knowledge of Technology Risk Management practices, fundamentals and frameworks in the Asia region
• Knowledge of information security concepts, practices and tools
• Understanding of systems development practices, lifecycle management and systems testing
• Understanding of IT Governance within an organisation including its components, benefits and practices
• Experience in handling Asia regulatory (e.g. MAS, HKMA, RBI, CBIRC) requirements and compliance-based initiatives including reporting
• Knowledge of IT Outsourcing (risks, controls, monitoring), Cloud Computing and related regulatory issues
• Experience in assessing residual technology risks related to Business Continuity Planning (BIA, RTO, DRP etc)

Note: Only shortlisted candidates will be notified.