How to build a growth model with an integrated digital ecosystem consists of business verticals ranging from e-Commerce, insurance, digital health, travel to FinTech services including digital wallets, BNPL and digital lending? Looking be a game-changer? Keep reading!

HKT’s Digital Ventures bring to life innovations that take fintech, loyalty rewards and e-commerce to the next level. Leveraged by high profiling loyalty program and big data of high future visibility, we run a very successful and promising digital ecosystem in Hong Kong.

Your responsibilities:

Technology Risk

• Perform technology risk assessments to identify control gaps, execute risk mitigation projects and provide support to IT on matters relating to regulatory, risk and corporate governance
• Review initiatives in accordance with regulatory bodies’ requirements (such as HKMA SPM, TM-E-1, TM-G-1, SA-2, OR-2, C-RAF, iCAST)
• Assessing the regulatory change impacting technology and driving related risk mitigation programs with technology stakeholders
• Implement and update security policies and procedures to maintain the technology risk level for the business unit
• To conduct security and cloud risk assessment on systems to identify potential threat and vulnerabilities
• To maintain risk register and communicate the identified risks and impacts with stakeholder
• Facilitate completion of Risk Control Self-Assessment (RCSA) and Regulatory Requirement Self-Assessment across Technology
• Follow up independent assessment, internal audit, security penetration test issues in a timely and controlled manner
• Conduct an independent reviews of technology risk incidents and related information to ensure the prevention, detection, containment and correction of security & data breaches
• Conduct and manage technology risk for 3rd party service providers

Others

• Train and develop team and support needs from other departments related to risk managementPromote and implement the risk analytics and data-driven
• Provide recommendations to senior executives for any potential problems & risks adhere to existing operation work flow and policies
• Participate in the new product approval (NPA) process about the technology risk
• Support needs from other stakeholders related to risk management
• Ad hoc task as assigned by supervisor

What you need to have as the essentials:

• Degree holder in Information Technology or related disciplines; Add-on with professional certifications like CISA/CISM/CISSP/CCSP/CRISC, and similar certifications.
• Minimum 4 years' of relevant experience, preferably with banking or financial institutions experience, in compliance, technology risk, or IT audit (either 1st line or 2nd line of defense)
• Knowledge with NIST CSF, ISO 27001, OWASP Top 10
• Knowledge in Cloud, Mobile App, API Security
• Sound knowledge of Information Security, System Resiliency & Availability & Software development practices, Application Security and frameworks preferred
• Strong knowledge of risk management, controls and processes
• Familiar with financial services industry including prepaid card / credit card process, Merchant Services and ecommerce.
• Familiar with and able to understand risk dynamics across the Firm and Provide prompt updates on any technology risk issues
• Keen interest in startup environment, fintech trends and sound knowledge of banking and financial products
• Strong leadership, communication and stakeholders management, analytical and problem-solving skills
• Great sense of ownership, self-motivated, work independently as well as being a good team player; Multi-tasked and able to work under tight timelines
• Proficiency in both English and Chinese

HKT is an equal opportunity employer and welcomes applications from all qualified candidates. Information provided will be treated in strict confidence and will only be used for recruitment-related purposes. Personal data provided by job applicants will be used strictly in accordance with the employer's personal data policies (www.hkt/privacy-statement), a copy of which will be provided immediately upon request.

All personal data provided by candidates will be used for recruitment purposes only by HKT Services Limited in accordance with HKT's Privacy Statement, which is available on our website. Unless otherwise instructed in writing, candidates may be considered for other suitable positions within the Group (being, HKT Limited, PCCW Limited and their respective subsidiaries, affiliates and associated companies). Personal data of unsuccessful candidates will normally be destroyed 24 months after rejection of the candidate's application. If you have any questions regarding your personal data held by HKT Services Limited HKT's Privacy Statement, please feel free to contact our Privacy Compliance Officer by writing to [via CTgoodjobs Apply Now] or GPO Box 9896, Hong Kong.

All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.