Responsibilities:
- Assist to establish and review the technology risk management policy, mechanism and tools of the Group with reference to Head Office and regulatory requirements.
- Assist and monitor first line of defense in applying technology risk management tools in identifying, assessing, monitoring and controlling technology risk, and provide guidance on necessary mitigation measures.
- Assist to prepare regular management reports on technology risk status of the Group.
- Assess the adequacy and effectiveness of the controls from technology risk perspectives during due diligence of new products/ service / AI applications propositions and incident handling, provide advisory and recommendation on new technology solution of IT initiatives.
- Coordinate technology risk related regulatory examinations and communication, conduct reviews to identify possible risks and provide recommendations to address the control weakness, and monitor the implementation progress of the remedial action(s)
- Assist in the implementation of AI solutions in risk management initiatives.
Requirements:
- Bachelor Degree holder or above with major in Information Technology or related disciplines.
- With 6 years or above banking experience and within which at least 3 years experience or above in IT security, technology risk or IT audit field of banking industry. (Senior Technology Risk Manager)
- With 4 years or above banking experience and within which at least 2 years experience or above in IT security, technology risk or IT audit field of banking industry. (Technology Risk Manager)
- Holders of Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified Information Systems Manager (CISM) is preferred.
- Sound knowledge in HKMA requirements and industrial standards in technology risk management. (Senior Technology Risk Manager/ Technology Risk Manager)
- Understanding of AI technology, development frameworks and tools. Experience in implementing AI solutions. Holder of ISACA Advance in AI Audit (AAIA) certificate is a plus.
- Be able to work independently and under pressure. Be a good team player.
- Attention to details, good analytical and interpersonal skills.
- Good communication skill (including in Cantonese, Mandarin, English). Proficiency in preparing presentation materials and reports in Chinese will be an advantage.
If you are applying for in-scope position(s) under the Mandatory Reference Checking Scheme (i.e., A role carrying out regulated activities licensed by the IA, SFC & MPFA), you are required to undergo the Mandatory Reference Checking. Our responsible recruiter will inform you the details of the MRC process and the requirements in due course. For details, please click here .