Technology Risk Management Manager

  • Competitive
  • Hong Kong
  • Permanent, Full time
  • Bank Of China (Hong Kong) Limited
  • 06 Aug 2018

Roles and Responsibilities:

  • Provide advice and recommendations from a risk perspective.
  • Assist in defining the security architecture for the organization's infrastructure and applications.
  • Research and evaluate the latest security threats and technology solutions, such as Cloud, Big Data, Social Networking and Mobility.
  • Assist to establish and implement the assessment on outsourcing/third party security control.
  • Assist to establish and maintain security standards and guidelines with focus on application and network security.
  • Assist in establishing security baseline for key IT processes.
  • Plan, coordinate and drive the IT security program to enhance security posture assessment for critical information systems.
  • Proactively work with vendors to understand up-to-date related technology and the feasibility of implementing it in the Company.
  • Assist to establish review processes on information security operation.
  • Work with the IT operation partners to monitor any system and network security threat and to apply quick remediation action.
  • Assist to build and manage computer security incident response program.
  • Assist in managing the measurement of security patch compliance for corporate infrastructure.
  • Assist to manage independent penetration test for the corporate infrastructure.
  • Assist in reviewing IT initiatives from technology risk perspectives.
  • Report findings on security inefficiencies and provide recommendation for improvement.
  • Assist in planning of technology related risk management strategies, processes and work plans.
  • Assist in establishing a security dashboard with key risk indicators.

Job Requirements:

  • Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
  • Over 2 years of experience in IT security, technology risk, risk management, compliance or IT audit function, gained from other sizable financial institutions.
  • Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM) or Certified Internal Auditors (CIA) preferable.
  • Sound knowledge of network security or platform security.
  • Good command of written and spoken English; Mandarin is preferable.
  • Good communication and interpersonal skills; and
  • Independent and strong self-initiative.

We offer a competitive remuneration package and comprehensive fringe benefits, including medical and life insurance and different types of allowances, to the right candidates.

Data collected will be used for recruitment purposes only. Applicants who do not hear from us within 8 weeks may consider their application unsuccessful, and their data will be destroyed within 24 months of receipt.