Technology Risk Management Manager

  • Competitive
  • Hong Kong
  • Permanent, Full time
  • Bank Of China (Hong Kong) Limited
  • 22 Sep 17

Responsibilities:

  • Provide advice and recommendations from a risk perspective
  • Assist in defining the security architecture for the organization's infrastructure and applications
  • Research and evaluate the latest security threats and technology solutions, such as Cloud, Big Data, Social Networking and Mobility
  • Assist in establishing and implementing the assessment of outsourcing/third-party security controls
  • Assist in establishing and maintaining security standards and guidelines, with a focus on application and network security
  • Assist in establishing a security baseline for key IT processes
  • Plan, coordinate and drive the IT security program to enhance security posture assessment for critical information systems
  • Proactively work with vendors to understand up-to-date related technology and the feasibility of implementing it in the Company
  • Assist in establishing review processes for information security operations
  • Work with the IT operation partners to monitor any system and network security threats and to apply quick remediation actions
  • Assist in building and managing the computer security incident response program
  • Assist in managing the measurement of security patch compliance for corporate infrastructure
  • Assist in managing independent penetration tests for the corporate infrastructure
  • Assist in reviewing IT initiatives from a technology risk perspective
  • Report findings on security inefficiencies and provide recommendations for improvement
  • Assist in planning technology-related risk management strategies, processes and work plans
  • Assist in establishing a security dashboard with key risk indicators

Requirements:
  • Degree holder in Computer Science, or another degree majoring in Information Systems or a related discipline
  • Over 2 years of experience in IT security, technology risk, risk management, compliance or IT audit function, gained from other sizable financial institutions
  • Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM) or Certified Internal Auditor (CIA) preferable
  • Sound knowledge of network security or platform security
  • Good command of written and spoken English; Mandarin is preferable
  • Good communication and interpersonal skills
  • Independent, with strong self-initiative