Technology Risk Management - Manager (Information Security)
Roles and Responsibilities:
- Plan and conduct security assessments of third-party vendors, focusing on compliance with regulations, company policies, and internal controls.
- Provide dedicated support to information security risk management processes for onboarding and off-boarding of third-party vendor relationships.
- Communicate with business units and cross-functional teams regarding third-party vendor risk issues and/or control gaps, and recommend remediation initiatives.
- Support the development and maintenance of the third-party vendor inventory. Act as a subject matter expert to assist business units and cross-functional teams in identifying and mitigating risks in third-party vendor relationships.
- Provide awareness by conducting training on the third-party vendor risk management framework.
- Stay informed about the latest developments in the third-party vendor risk management field.
- Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
- Over 3 years of experience in IT security, technology risk, risk management, system development management, compliance or IT audit function, gained from other sizable financial institutions.
- Demonstrated experience working with regulators and external auditors.
- Holding at least one recognized professional qualification under the HKMA Enhanced Competency Framework, such as CISA, CISSP or CRISC, is preferable.
- Good command of written and spoken English and Mandarin is preferable.
- Good communication and interpersonal skills.
- Flexibility in traveling.