Assistant Vice President / Vice President, Technology Risk Management

Responsibilities:

• Provide technology risk management support including security risk assessment, security exceptions handling and technology risk reporting matters
• Review and monitor the rulesets and alerts of the Bank’s Data Loss Protection (DLP) systems for Web Upload, Printing, Portable Storage and E-mail Filtering
• Provide advices to the development and implementation of the Bank’s policies, guidelines and procedures related to IT security controls
• Provide IT security advisory services to ITG and business/operational units on security standards, architecture of new products, applications and systems, and implementing security controls in existing systems and applications
• Collect cyber threat intelligence from various information sources, review and assess the information collected and request ITG to take appropriate actions
• Overall coordination of annual cyber security drill including the drill planning, execution and reporting.
• Conduct onsite security risk assessments on outsourcing vendors
• Conduct IT compliance risk assessments which involves identifying, analyzing, describing and estimating the IT compliance and technology risks affecting the Bank and report timely on any exceptions to the department head
• Review and monitor key risk indicators and control self-assessments of ITRM to ensure the effectiveness of these tools in identifying and escalating IT internal control issues in a timely manner
• Assess potential fake websites detected and advise appropriate actions and report the case to appropriate authorities
• Promote and enforce regulators’ and the Bank’s policies and guidelines related to IT security through conducting training and information sharing sessions in the Bank

Requirements:

• University degree in Computer Science, Information Systems or other technology-related disciplines
• Possess recognized certificates of Enhanced Competency Framework for Banking Practitioners (e.g. CISA, CISSP, CISA, CRISC, CGEIT, CCSP)
• At least 3 years working experience in the banking industry
• At least 5 years working experience in technology risk management and information security
• Knowledgeable in IT security technologies, including authentication mechanism and cryptography
• Understanding of the HKMA’s and other regulatory requirements