Deputy Manager to Manager, Tech Risk Management (Cyber Security)
Industrial and Commercial Bank of China (Asia) Limited
Job Responsibilities
According to Hong Kong & Mainland China regulatory requirements, analyze the current situation of cyber security in the banking industry, review banks' existing monitoring mechanisms for cyber security threats, and propose security reinforcement and prevention recommendations
Review banks' existing monitoring strategies, management processes, and technical standards for cyber security threats, participate in infrastructure vulnerability and penetration testing, conduct cyber security assessments, and carry out cyber incident investigation and analysis
Perform the technology risk management process which identifies, measures, monitors and controls technology-related risks of existing/new systems, processes and initiatives
Ensure awareness of, and compliance with, the Bank’s IT control policies, and provide reports with recommendations, if any, after investigation of any technology-related incidents
Implement risk issue management procedures for assuring the required policies and guidelines are enforced in daily operation
Recommend and implement remedial actions and control measures
Plan and work with the technology team and any concerned parties on technology-related initiatives
Perform reviews and/or security assessments of the related initiatives
Requirements
University graduate with a major in Computer Science, IT or related disciplines; a professional qualification such as CISSP, CISM, CISA, CREST CPSA / CRT, CEH is preferred
At least 3 to 5 years of relevant work experience in IT / Cyber Security, e-Banking security, BCP/DR and/or relevant risk control area
Solid experience in handling technical information / cyber security issues and good understanding of business processes and related regulations including HKMA TM-G-1, TM-G-2, SA-2, C-RAF, STDB, SFC, PDPO, etc.
Proven experience in writing policies, procedures and reports is a must
Familiar with infrastructure platforms, e.g. Data Centre Operations, Network Services (Voice / Data / Routing & Switching, security), Messaging, Desktop technology, Distributed Servers (UNIX and Windows), Mainframe, etc.
Knowledge of / experience with ISO27001 is an advantage
Work independently with good communication and interpersonal skills
Conversant with MS Word, Excel & Chinese character input
Good command of written & spoken English and Chinese including Putonghua