Job Responsibilities:
- Support supervisors in maintaining the risk management and compliance framework in line with HKMA Guideline on Supervision of Stored Value Facility Licensees and other applicable statutory and regulatory requirements
- Conduct and support product and solution risk assessments prior to implementation, covering technology, cybersecurity, operational, third-party, customer and compliance risks
- Assist in reviewing and logging risk assessment outcomes, identified control gaps, mitigation measures and actions, and tracking completion status
- Support reviews of standard risk controls during onboarding of new partners (e.g. payment facilitators, technology or service providers)
- Support post-implementation follow-up to ensure timely remediation of findings and continuous improvement of controls
- Liaise with internal stakeholders (Technology, Business Owners, Product, Operations, Legal and Compliance) on risk assessment and remediation activities
- Support regulatory or external enquiries, incident reporting and information collation, under supervision
- Assist in monitoring regulatory developments and emerging technology and security risks relevant to product risks
- Provide support in preparing materials for risk committees, self-assessments, policy reviews, training delivery or other risk and compliance activities as required
Job Requirements:
- University Degree Holder. Major in Information Technology, Information System, Software Engineering, Cybersecurity, Governance, Risk and Compliance, Digital Law or related discipline is preferred.
- At least 3 years of relevant work experience in financial services, payments, technology risk, product design, or implementation-related roles, with exposure to risk, security or control considerations
- Exposure to end-to-end payment product or solution implementation, including external integrations (e.g. payment gateways, vendors, service providers)
- Experience supporting risk assessments, audits, control reviews or remediation tracking.
- Exposure to emerging technologies such as cloud services, AI-enabled solutions or Web3-related use cases
- Basic understanding of application development life cycle (SDLC), technology risk concepts and control standards (e.g. ISO, ITIL)
- Awareness of cloud security principles, data protection, cybersecurity controls or regulatory expectations
- Relevant professional certifications (e.g. ITIL Foundation, cloud or information security-related qualifications such as CISSP)
- Ability to identify, assess and document risks and controls in a structured manner
- Strong analytical, communication and stakeholder co-ordination skills
- Good command of written and spoken English and Chinese (Cantonese; Mandarin preferred)
- Understanding of technology and regulatory risks associated with emerging technologies such as AI or Web3
- Detail-minded with a structured and logical approach to work
- Able to manage multiple tasks and follow up actions effectively under guidance
- Able to work independently and collaboratively in a team environment.
- Strong sense of responsibility and willingness to learn and develop in a risk management career
We offer the successful candidate an attractive remuneration package and excellent career prospects. Interested parties, please send your resume, present and expected salary, and contact details, quoting the reference number, by clicking Apply Now
Visit our web site: http://www.octopus.com.hk/
The personal data collected will be used for recruitment purposes only. If you are not contacted by us within six weeks, you may consider your application unsuccessful. Personal data of an unsuccessful applicant will be destroyed 12 months after rejection of the application. During this retention period, you have the right to request correction or destruction of your personal data at any time. Any request for the correction or destruction of personal data should be addressed in writing to our Human Resources & Administration Department.
Octopus is an equal opportunity employer. All employment decisions and Human Resources policies, especially those relating to recruitment & selection, compensation & benefits, promotion & transfer, training & development and termination & redundancy, are administered without discrimination on the basis of age, race, colour, religion, sex, national origin, marital status, pregnancy, physical and mental disability and family status, but on genuine occupational qualification, job performance, employees’ ability and internal/external relativities.