Technology Risk Analyst

Responsibilities:

Perform the technology risk assessment to identify control gaps, provide the advisory and monitor of the risk mitigation plan.

Participate in the new product / service assessment related to technology risk.

Follow up independent assessment, internal audit, security penetration test issues in a timely and controlled manner.

Assessing the regulatory change impacting technology and driving related risk mitigation.

Review the technology risk / information security / data management policies.

Assist in coordinating, planning, and managing technology risk and data management initiatives in alignment with internal polices and regulatory requirements.

Support business units in the timely completion of technology risk and data management tasks, ensuring the quality standard including delivering briefings and responding to task-related inquiries. Collaborate closely with business units to integrate technology risk management and data management practices into daily operations.

Conduct security control assessments and technology risk evaluations for 3 rd party service providers, including review of control evidence, risk remediation plan to ensure compliance with information security policies and regulatory expectations.

Assist in managing technology risk incidents by coordinating response efforts, facilitating root cause analysis, ensuring timely resolution, and maintaining comprehensive documentation for audit and reporting purposes.

Coordinate and organize regular training sessions, meetings to promote understanding and adherence to evolving technology risk and data management standards across business units.

Requirements:

Bachelor’s Degree holder in Information Technology, Computer Science or related field.

Add-on with professional certifications like CISA/CISM/CISSP/CCSP/CRISC.

4 - 5 years of relevant experience, preferably within banking, insurance, or financial institutions, in compliance technology (either first or second line of defense) or IT audit.

Knowledge of cloud computing, application security (mobile and web), and AI-related risk and security.

Familiar with and able to understand risk management framework and regulatory requirements (HKIA: GL20, TIBASE, GL14; HKMA: C-RAF, TM-G-1, TM-E-1; PCPD Privacy).