Job Purpose

The job holder is responsible to lead Technology Risk Management (TRM) team to address and prevent technology related risks in response to regulatory requirement and the latest market development.

Responsibilities

• Responsible for the 2nd line of defense in technology risk related matters under 3 tiers of risk defensive model
• Maintain and uphold the TRM framework by referring to the best practice of risk governance and management
• Manage to conduct technology risk assessment and recommends to senior management or relevant committees the status of risk acceptance or mitigation and whether residual risk persists
• Organize and plans the corresponding actions to align with HKMA’s Cybersecurity Fortification Initiative (CFI), such as conducting risk and maturity assessment; adoption of intelligence sharing platform; and professional development
• Ensure IT practices and controls are adequately developed to address customer data leakage risk
• Manage the performance review of IT outsourcing and service providers in relation to their technology risk compliance with regulatory requirement and Bank’s internal policy  
• Provide consultancy and advice to the adoption of emerging and disrupting technologies by new initiatives in relation to technology risk
• Organize bank-wide awareness or education program to promote the security cultures of the Bank

Requirements

• Degree holder preferably in Information Technology, Risk Management or relevant discipline
• Minimum 10 years working experience in audit, technology risk management or information security management with at least 3 years in supervisory role
• Certified in CISSP, CISA, CISM or other recognized certificate is a must
• Obtained Professional level qualification of Relevant Practitioner under HKMA ECF on Cybersecurity
• Thorough knowledge of risk management practices in IT Infrastructure, IT Application and Service Management.
• Familiar with regulatory and industry compliance requirements such as HKMA SPM, MAS, CBRC, FFIEC, PCI-DSS SWIFT CSP and etc.
• Good understanding of industry best practices e.g. ISO20001 and COBIT
• Knowledge of overseas banking regulatory requirements, particularly in Singapore, China, Macau and US is an advantage
• Good command of spoken and written English and Chinese (including Putonghua)

For more details about career opportunities with the Bank, please visit our website http://www.cncbinternational.com/careers/en/index.jsp. Please apply with full resume stating current and expected salaries.

Personal data collected will be used for recruitment related purposes only. Applicants not invited for interview within 6 weeks may consider their applications unsuccessful. However, applicants may be considered for other suitable positions within the Group for a period of not more than 2 years. Personal data will be destroyed at any time after 3 months.

China CITIC Bank International is committed to being an equal opportunities employer and intends to provide a work environment free of unlawful discrimination or harassment. All employment decisions will be made in a non-discriminatory manner.