Senior Operational & Technology Risk Manager (Technology Infrastructure & Regulatory) - Risk Management

The Bank of East Asia, Limited

Position Summary

 

The job holder is responsible for the 2nd line of defense in Operational and Technology risk related matters under the 3 lines of defense model, establishing the risk management framework, policies and bank-wide risk control mechanisms for identifying and managing risk in accordance with the Enterprise Risk Management (“ERM”) and Cybersecurity Resilience Assessment (“C-RAF”) frameworks. The governance is applied to Head Office, BEA China, branches in Macau, Taiwan and Overseas and significant subsidiaries.

 

Responsibilities

  • ERM and C-RAF Functions - Perform the 2nd Line of Defense functions to deputize and support the Operational & Technology Risk Department (OTMD) Head in discharging his duties as the Risk Controller of operational & technology risk for the Bank Group under the ERM and C-RAF
  • Risk Assessment – Assess the adequacy and effectiveness of operational & technology risk controls among the Bank Group
  • Risk Management Process – Follow up with the Risk Owners to ensure the decisions and instructions given by the GCRO, Management Committees, Risk Committee and the Board are properly and timely implemented; Manage the established control mechanisms to ensure operational and IT security/risk compliance within the bank
  • Risk Reporting – Support the preparation of management reports on the monitoring results of operational risk for the Bank Group for submission to the GCRO, the Operational Risk Management Committee, the Risk Management Committee, the Risk Committee and the Board, as appropriate
  • Risk Management Initiatives – Support the development of the Annual Work Plan for OTMD and lead the respective section in implementing key initiatives covered in the Annual Work Plan and as assigned by GCRO and Head of OTMD
  • Risk Manual Setting - Maintain the Operational and Technology Risk Management Manual for documenting the risk governance structure, policies, processes and guidelines for approval by the Management Committee and the Risk Committee
  • Risk Monitoring - Review and monitor the management of operational & technology risk, which includes reviewing risk assessments, key risk indicators, incident reporting and escalation, issue management, and conducting thematic reviews, periodic reviews and regular reviews. Review regular reports submitted by regional offices and oversee any exception or deviation from the standards or requirements set by the Group. Identify control weaknesses in the assessment of the risks arising from existing or new products and businesses through on-going monitoring and make value-added recommendations for improvement
  • Change Oversight – Review new business/products/systems from an operational & technology risk perspective, and assess if all material risks or issues have been identified and addressed prior to launch
  • Communication and Liaison – Assist the Head of OTMD in corresponding with the regulators and other parties in relation to the operational and technology risk management related issues of the Bank Group, including incident reporting, notification of material outsourcing, examinations, risk and maturity assessment, adoption of intelligence sharing platform, professional development and ad-hoc enquiries
  • Operational Risk Management Committee – Monitor the risk related records in the management reporting system. Ensure the accuracy and timeliness of the management reports submitted to the Operational Risk Management Committee, senior management, GCRO and other Committees, as needed
  • Manage Other Risk Types – Perform the 1st Line of Defense functions for the other risk types relevant to OTMD in accordance with the roles and responsibilities designated by the Board for the Risk Controllers of the relevant risk types under ERM

Requirements

  • University graduate, preferably majoring in Risk Management, Computer Science or equivalent, with relevant professional qualifications or recognized certificates in operational and technology risk, such as ECF on operational risk management, CISSP, or CISA. HKIB qualification would be advantageous
  • A minimum of 10 years’ work experience in Banking and Finance, or Auditing covering the following:
    • At least 3-5 years of solid experience at senior level in technology risk management, internal control function, information security or IT audit
    • Supervisory experience and knowledge of BASEL and operational risk management is an advantage
    • Sound knowledge of regulatory requirements related to technology and information security in the banking sector, such as HKMA Supervisory Policy Manual modules TM-G-1, TM-E-1, TM-C-1, relevant policies OR-2, IC-1, OR-1, TM-G-2 and SA-2, requirements of other regulators (SFC, IA, MPFA, MAS and NFRA), and industry standards such as PCI-DSS, SWIFT-CSCF etc.
    • Good understanding of banking operations
    • Thorough knowledge of risk management practices in IT architecture, infrastructure, systems development and service management
    • Strong communication skills including ability to communicate clearly to different levels of seniority, top management, business and support divisions and departments
    • Strong project management skills and analytical mindset
    • Good command of both spoken and written English and Chinese; fluency in Putonghua is preferable

 

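More job information
Salary N/A
Benefits
  • Five-day work week
  • Birthday leave
  • Free staff meals
  • Medical plan
  • Social/recreational and sports facilities
Job function
  • Banking · Financial Services - Risk Management
Work location
  • Kwun Tong
Employment type
  • Full-time
Education level
  • Bachelor's degree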
