Assistant Manager to Senior Manager, Technology Risk Management (Ref: RMD-TRM-SH-ICBCA)

Responsibilities:

• Lead and develop a set of IT control policies which establish the ground rules for IT controls. Review regularly, and where necessary update the IT control policies to accommodate changing operating environments and technologies.
• Ensure business units and IT functions awareness of, and compliance with, the Bank’s IT control policies.
• Manage to conduct regular IT key risk assessments (KRA) and develop/ monitor effective Key Risk Indicator (KRI), recommend to senior management and risk management committees the identified key risk points.
• Assist business units and IT functions to perform the technology risk management process which identifies, measures, monitors and controls technology-related risks of existing/new systems and processes.
• Implement technology risk awareness and training program for the Bank staff.
• Drives the implementation of HKMA’s Cybersecurity Fortification Initiative (CFI) including risk and maturity assessment, intelligence sharing platforms and professional development.

Requirements:

• Degree holder preferably in Information Technology discipline or Risk Management or related discipline.
• Minimum 3-7 years working experience in Technology Risk Management or Technology Audit or Information Security Management.
• ECF-C certification such as CISA, CISM, CISSP.
• Familiar to regulatory requirements such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2).
• Strong understanding of control frameworks and industry standards including ISO27001, COBIT and SANS TOP 20.
• Proven experience in writing policies, procedures and reports.
• Strong knowledge of Windows and Unix OS.
• Strong knowledge of IT infrastructure, networks and databases.
• Good command of MS Office skills especially Microsoft Word and Excel.
• Good command of spoken and written English and Chinese including spoken Putonghua.

To apply, please send full resume including present and expected salary to