Director, Technology Risk Management
BOC International Holdings Ltd
- Company Industries: Financial Services
Job Information
- Post Date: 2022-05-30
- Location: Not Specified
- Employment Type: Full Time
- Job Function: Information Technology (IT) Others
Job Description
Responsibilities:
- Provide IT Risk & Security consultancy to the IT Division on technology risk management framework, IT policy and procedure, regulatory requirements and industry best practice around IT risk, IT security and regulatory compliance;
- Develop and maintain a fit and proper technology risk management and IT security framework for the company;
- Perform risk & control assessments on IT processes to articulate and explain the risk to management as well as propose mitigating controls to reduce the risk;
- Define IT security control requirements & policy;
- Oversee threat & vulnerability management to ensure that high-risk threats & vulnerabilities are properly addressed by relevant parties;
- Promote IT security awareness across the company;
- Assist in the investigation of IT security incidents;
- Formulate IT risk and security requirements for 3rd party service providers and overseas offices from a governance perspective to assure that IT risk and security requirements are being managed;
- Perform and manage the Operational Risk Event Reporting according to the requirements from Operational Risk Management;
- Maintain the IT risk register to record all potential IT risks identified and manage all identified risks according to the technology risk management framework;
- Develop and maintain Key Risk Indicators and security metrics for continuous monitoring of the company’s IT risk and security posture;
- Perform IT regulatory compliance assessment & reporting, work closely with Legal & Compliance Division on responding to circulars & notices that affect the IT Division;
- Coordinate all internal/external IT audit & regulatory inspection;
- Assist the team head and provide support on other service areas across the function covering Technology Risk Management and Business Continuity Management.
Requirements:
- Extensive knowledge of IT risk and security principles and best practices, and practical experience in IT security and in conducting IT security risk assessments
- Sound knowledge across different domains including information security, cyber security, risk & control, operational risk management
- Experience in performing IT regulatory compliance assessment & reporting
- Familiar with the regulatory environment of the banking and finance industry including the requirements from HKMA and SFC
- Strong communication and interpersonal skills and the ability to work with stakeholders at all levels
- Strong business knowledge on investment banking, securities brokerage and private banking business
- Degree holder majoring in Computer Science or a related field
- At least 8 years of experience in multiple areas including technology risk, information security, cyber security, regulatory compliance, risk & control and/or operational risk management from the banking and finance industry
- Certification in information security, IT audit, and/or business continuity (e.g. CISA, CISM, CISSP or DRII/BCI)
- Prior experience gained as an auditor is desirable
Company Info
As a leading investment bank in the China and Hong Kong region and the investment banking arm of Bank of China, BOC International Holdings Limited (“BOCI”) is now seeking highly motivated, creative and success-oriented professionals who would like to pursue a career in our group.