You will work in conjunction with other professional colleagues and specialists. The IT Risk Senior Manager is responsible for the development and implementation of IT risk management governance programmes in alignment with the Company's strategic IT risk direction. You are also responsible for technology disaster recovery planning and the coordination of periodic drill exercises.
Technology Risk Management
- Review policies and procedures to manage cybersecurity threats, IT protocols, application management practices and supervision and ensure that they are compliant with regulatory requirements.
- Collect and validate data that measure technology key risk indicators to monitor and communicate their status and initiate corrective actions, to ensure IT systems and services are operating securely.
- Provide oversight on the enforcement of the Technology Risk notices and guidelines issued by the Securities & Futures Commission ("SFC"), respond to its enquiries, and coordinate compliance exercises, assessments and reviews.
- Manage and communicate with group offices, business partners, IT vendors and external parties on IT security matters.
Technology Governance & Control
- Led by the Company's IT Risk team, develop and manage the technical risk portfolio and governance model, and support the roll-out of initiatives and projects.
- Identify cybersecurity risks and critically assess potential implications and major areas of vulnerability in IT systems by arranging regular security assessments, vulnerability scanning and penetration tests.
- Support the security operations centre in monitoring and reporting suspicious activities and in managing security incident response and investigation.
- Support regular internal/external audits and track the remediation status of identified gaps and issues.
- Develop and implement training plans to uplift users' technology risk awareness and cyber-safe business processes across the organisation.
- Develop a technical risk awareness programme to promote a risk-aware culture, so that business users understand the IT risks they face.
- Perform security assessments of external IT service providers to ensure appropriate security measures are in place.
Technology Disaster Recovery Planning
- Conduct technology impact analysis and continuity risk assessments of critical technology assets.
- Manage the design, implementation and communication of technology disaster recovery plans and crisis management, and coordinate periodic drill exercises.
- Degree holder in Computer Science, Information Systems, or related discipline.
- Minimum of 10 years of experience in technology risk management and control, gained in banking or insurance companies, including at least 2 years of technology experience and knowledge to support recovery strategy design and testing.
- Solid experience in handling technology audits and cybersecurity assessments against information security frameworks or standards, such as ISO 27001, PCI-DSS, etc.
- Familiar with relevant technology control requirements from the regulatory bodies of Hong Kong, such as the Securities & Futures Commission ("SFC").
- Excellent communication skills and a highly effective facilitator of cross-functional teams.
- Excellent leadership and management skills and proven ability to build, manage and foster a team-oriented environment.
To quickly apply, please send your CV to this email: firstname.lastname@example.org for a confidential chat.