Deputy Manager to Manager, Tech Risk Management (Cyber Security)

Job Responsibilities

• According to Hong Kong & Mainland China regulatory requirements, analyze the current situation of cyber security in the bank industry, review the existing monitor mechanisms of banks on cyber security threats and propose security reinforcement and prevention recommendations
• Review the existing monitor strategies, management processes, and technical standards of banks on cyber security threats, participate in infrastructure vulnerability and penetration testing, conduct cyber security assessments, and carry out cyber incident investigation and analysis
• Perform the technology risk management process which identifies, measures, monitors and controls technology-related risks of existing/new systems, processes and initiatives
• Ensure awareness of, and compliance with, the Bank’s IT control policies, and to provide report with recommendations, if any, after investigation of any technology-related incidents
• Implement risk issue management procedures for assuring the required policies and guidelines are enforced in daily operation
• Recommend and implement remedial actions and control measures
• Plan and work with the technology team and any concerning parties on technology related initiatives
• Perform review and/or security assessment on the related initiatives

Requirements

• University graduate with major in Computer Science, IT or related disciplines, with professional qualification such as CISSP, CISM, CISA, CREST CPSA / CRT, CEH is preferred
• At least 3 to 5 years of relevant work experience in IT / Cyber Security, e-Banking security, BCP/DR and/or relevant risk control area
• Solid experience in handling technical information / cyber security issues and good understanding of business processes and related regulations including HKMA TM-G-1, TM-G-2, SA-2, C-RAF, STDB, SFC, PDPO, etc.
• Proven experience in writing policies, procedures and reports is a must
• Familiar with infrastructure platforms, e.g. Data Centre Operations, Network Services (Voice / Data / Routing & Switching, security), Messaging, Desktop technology, Distributed Servers (UNIX and Windows), Mainframe etc.
• Knowledge / experience on ISO27001 is an advantage
• Work independently with good communication and interpersonal skills
• Conversant with MS Word, Excel & Chinese character input
• Good command of written & spoken English and Chinese including Putonghua