Technology Risk Manager

  • Competitive
  • Hong Kong Hong Kong Hong Kong HK
  • Permanent, Full time
  • State Street
  • 17 Aug 18 2018-08-17

Technology Risk Manager

Contribute to the development and implementation of a global technology risk governance model and framework. Develop and communicate technology risk management policies, guidelines and standards across the organization ensuring risks are identified and managed effectively. Overall management expectations are to provide strategic leadership, vision and on-going support to IT, functional groups and business lines regarding best practices and trends.

Technology Risk:

  • Implement the State Street's ETRM program and framework across the APAC footprint.
  • Work in close collaboration with ETRM Global teams and ERM APAC team to assure the firm's technology risks are identified, monitored and measured in alignment with State Street's ETRM framework and risk appetite.
  • Develop effective communication channels to ensure technology risk exposure is measured as well as the transparency and timely escalation of significant technology risk issues across the APAC region.
  • Support ERM programs such as MRI, RCSA, Operational Risk reporting etc. as necessary
  • Participate in due diligence efforts for new clients, vendors and M&A activity, as needed.
  • Serve as liaison with other Risk disciplines and internal departments as needed.

Governance and Oversight:
  • Oversee governance, policy and framework execution across the APAC region assuring alignment with global policies and framework.
  • Support the overall development of technology risk oversight and embed the ETRM framework in APAC
    • Oversee the infrastructure of Security and Technology risk management and ensure practices are consistent with regulatory expectations, industry sound practices and business needs.
    • Oversee external vendors and outsourced functions from a technology risk view point.
    • Oversee risk and vulnerability assessments of the business systems and applications, and facilitate compliance/control reviews and associated remediation efforts.
    • Partner with Corporate Information Security and IT teams and to implement appropriate solutions to mitigate exposure as needed.
    • Contribute to the enhancement and evolution of the corporate ETRM program and framework, including execution of targeted risk assessments on holistic technology risks
  • Oversee communication with APAC regulators in alignment with the ETRM program.
  • Report to committees (e.g. entity & regional) as needed with appropriate and timely information for the committees/Boards to effectively discharge their responsibilities

Risk Excellence and Education/Awareness:
  • Promote and support a culture of effective challenge and risk aware culture throughout the organization.
  • Provide technology risk management consulting to the business, technical and other functional groups and to provide ongoing guidance and direction in alignment to ETRM strategy.
  • Maintain understanding of regulatory developments and their impact on State Street's businesses operating across the APAC region and support activities related to regulatory initiatives.
  • Coordinate and collaborate with other risk functions and control functions.
  • Develop, deliver and participate in Risk Management presentations internally and externally.
  • Participate in New Business and Product Review Approval process or due diligence exercises as applicable.
  • Provide appropriate management information as required to support business unit decision making.
  • Serve as a subject matter expert in technology risk, controls, compliance, and information security best practices.
  • Conduct and/or coordinate training on technology risk management
  • Display a culture of individual ownership of tasks to embed a clear individual sense of accountability in performing the role.
  • Maintain the highest standards of conduct and integrity and ensure compliance with accepted industry practice, company policies, statute and regulatory requirements.Committee & Memberships:
  • Member - APAC IT Risk Excellence Committee
  • Co-Chair - APAC Meetings on Technology Risk with IT teams
  • Represent ETRM APAC in project working groups and steering committees as required.

Qualification:
  • Sound experience working in technology risk management
  • Experienced technical leader with over 5-10 years of working experience in IT infrastructure, application development and or security with specialty in:
    • Security and Information Assurance
    • Application Development
    • Strategic IT Software and Security Architecture
    • Managed Risks associated with Information Security Issues
  • Experienced with risk based assessment methodologies.
  • Ability to interact with seasoned colleagues on Technology Risk agenda.
  • Ability to contribute to effective governance at regional level and entity level.
  • Ability to effectively manage multiple priorities.
  • Strong interpersonal, management, negotiation and presentation skills
  • Minimum 15 years of experience in the financial, consulting or technology industries. Experienced in successfully working for a large global organization
  • Certified in Risk and Information Systems Control (CRISC) or other risk methodologies is desired.
  • Strong consulting background in IT/Security/ IT Audit is desired.
  • Practical experience in the selection and operation of GRC tools is desired
  • Undergraduate and advanced degrees in technology, finance, accounting or related field