We are now looking for high calibre and passionate individuals to join us to undertake this multi-billion HK dollar transformation project leading the MPF ecosystem to a new era.  If you are passionate about creating a positive impact on the working population of Hong Kong and are keen and willing to work in a start-up style environment, please join our growing team to contribute to the transformation journey.


Key Accountabilities

There are 2 major areas of work covered by the Operational Risk Management Team.  One is development and implementation of the enterprise risk management (ERM) framework and relevant mechanisms for the eMPF Platform Company (the Company), and the other being development, formulation and monitoring of the operational risk management framework for managing the eMPF platform (the Platform) which is being developed, implemented, administered and operated by a third party delivery partner (the “Delivery Partner”).  Key responsibilities of this position are to assist the Team Lead in the followings:

For both the Company and the Platform:

• Formulation and driving the operational risk management and governance framework to ensure full compliance with relevant regulatory requirements and best practices for benchmarking the deliverables by the Company per se and the Delivery Partner for the Platform;
• Collaborating with various operations and processing teams, i.e. all Divisions / Departments of the Company and the relevant Teams of the Delivery Partner (collectively namely the “first line of defence users/teams”), to design effective and implementable controls in compliance with relevant rules and regulatory requirements, managing operational and processing risk by continuous improvements in control procedures to ensure effective and efficient use of resources, tracking of audit points closure by designing appropriate enhanced controls until implementation and closure of actions, promote operational risk awareness across the Company as well as personnel supporting the Platform via the Delivery Partner, etc., and all other aspects relevant to operational risk management;
• Establishing and implementing oversight and monitoring mechanism together with the first line of defence users/teams on operational risk related work, including but not limited to risk monitoring metric (such as key risk indicators, KRI), risk and incident register for recording and monitoring all potential risks being identified to ensure proper follow up until the implementation of rectification, risk and control assessment (RCA) to monitor and assess the proper functioning and adequacy of existing controls;
• Ensuring relevant governance goals are being translated into policies and procedures which can be implemented, enforced and monitored in actual practice;
• Keeping abreast of the development in the market by conducting ongoing research and developing core knowledge of industry best practices for operational risk management and assurance;
• Ensuring the implementation of initiatives adheres to strategic architecture and governance model, and up to market standards;
• Working closely with Legal and Compliance Team to keep abreast of any changes in relevant rules and regulations; developing relevant risk policies and procedures and communicate to relevant stakeholders and first line of defence users/teams to uphold the requirements of the rules and regulations; and performing compliance assessment on operational risk as appropriate;
• Providing regular and ad hoc reporting to management on work progress and potential issues.  For issues handling, collaborating with the first line of defence users/teams from the Company and the Delivery Partner, Information & Technology Risk Team and Data Assurance Team, as appropriate, on root cause analysis as well as review and monitoring of remediation plans and implementation;
• Developing systemic risk management reporting and escalation procedures to assist management to identify and manage potential operational risks of the Company and the Platform; and
• Reviewing operational risk incidents / complaints, monitoring action plans and work with responsible stakeholders on operations enhancement and/or risk mitigation.

For the Company:

• Formulating the ERM strategy and framework for the Company, e.g. formation and implementation of Risk Management Committee as appropriate, and leading the implementation of ERM of the Company;
• Working with the holding company and MPFA on risk reporting and assessment initiatives; and
• Supporting the risk assessment and control designs on new projects, engaging in process-risk-control studies, reviewing internal control activities and making recommendations on improvements.

For the Platform:

• Working closely with the Delivery Partner to review and approve deliverables, including but not limited to the completeness and reasonableness of the detailed work submitted by the Delivery Partner comparing with market practice, e.g. development and maintenance of a fit and proper operational risk management and assurance framework, up-to-date control measures in accordance with new / revised regulatory requirements, tools for reporting and monitoring issues, incidents and audit points; recommendation from various review exercises, etc., and all other aspects relevant to operational risk management and assurance applicable to the Platform; and
• Overseeing the Delivery Partner’s operations and management of operational risk management and assurance related initiatives.
• Providing support to review and verify the effectiveness of the Delivery Partner’s development and implementation of controls on technology risks.

Skills and Qualification

• Degree holder in Business related disciplines;
• Minimum 10 years (for Senior Manager) / 8 years (for Manager) of relevant experience of operational risk management, internal audit or process control transformation preferably gained from financial institutions;
• Sound knowledge with extensive experience in operational risk management and internal controls covering various kinds of operations and transaction processing;
• Proactive, responsible, good problem solving, multi-tasking, communication and interpersonal skills, independent and yet a good team player with strong control and market sense;
• Attention to detail with good analytical skills and willing to work hands-on with first line of defence users/teams directly;
• Qualified accountant with experience gained from the Big Four accounting firms focusing in financial industry or internal audit in financial institutions is preferred;
• Literate in management of technology risk or IT security audit
• Good command of both spoken and written Chinese and English with the ability to effectively articulate complex issues in an organized manner; and
• Keen and willing to work in a start-up style environment with all the flexibility that requires and level of change involved.

Remuneration Package

Rank and salary will be commensurate with qualification and experience. The initial appointment will be made on a fixed-term contract.  A competitive remuneration and benefits package including discretionary performance-linked variable pay, annual leave, medical, dental and life insurance coverage, and MPF will be offered.

To Apply

Interested candidates are invited to apply by sending full career details and application letter, quoting the position applied for and job reference number, with information of current and expected remuneration as well as earliest availability through the "Apply Now" button. 

The closing date for application is 5 July 2022.  Applicants not contacted for follow up within 3 months after the closing date for application may assume that their applications are unsuccessful.  Applications not selected for further processing may be considered for relevant openings in the future but their applications will not be retained for more than a period of two years after the closing date.

The information provided will be kept confidential and only be used for those purposes relating to your application.  Please visit our website for the details of the MPFA’s Personal Information Collection Statement at https://www.mpfa.org.hk/en/mpfa/joining-mpfa/job-vacancies/personal-information-collection-statement.  The MPFA is an equal opportunities employer and welcomes applications from all qualified candidates.

The MPFA was set up in September 1998 under the Mandatory Provident Fund Schemes Ordinance (Cap. 485). Our mission is to regulate and supervise privately managed provident fund schemes; to educate the working population about saving for retirement and the role of the MPF System as one of the pillars supporting retirement living; and to lead improvements to provident fund schemes to make them more efficient and user-friendly, and better meet the needs of the working population.

Staff are our most valuable asset. We are looking for talents who are willing to adopt our core values in performing their work: Commitment, Quality, Teamwork and Community Perspective; and share our concern for the retirement protection of Hong Kong’s workforce. Those who are interested in pursuing our mission and developing their careers in the MPFA are invited to join us.