Implement and manage a governance framework for the management of technology risk for the Corporation to ensure compliance with laws and standards
Develop, strengthen and implement corporate technology risk management strategies, policies and procedures, ensuring alignment with digital technology policy, business goals and statutory requirements
Identify, assess and prioritize potential technology-related risks, such as cybersecurity threats, system failures, data breaches and third-party vulnerabilities. Evaluate the likelihood and potential business impact of risks using NIST, ISO 27001, or COBIT
Develop strategies to manage and mitigate identified risks. Implement technical and procedural safeguards to address high-priority risks while balancing innovation and efficiency
Execute high-quality control assurance and advisory tasks across various domains, including Business Continuity Planning/Disaster Recovery, Project Management, Third-party Risk Management, Change Management, Incident Management, IT Operations and Release Management, for Information & Cybersecurity to ensure adherence to policies
Oversee the implementation of a comprehensive Third-Party Risk Management Framework for the department. Evaluate risks from external partners (e.g., cloud providers, SaaS vendors) through due diligence and audits.
Requirements
Degree in Information Technology, Computer Science, or Engineering.
A minimum of 12 years’ relevant experience, of which 4 years were in managerial or team leader positions
Proven experience in strategic planning and implementation of governance frameworks for IT governance or operations risks with strong knowledge of internal controls and assurance systems
Solid experience in third-party risk assessment and vendor management is an advantage
Possession of a recognised and relevant professional qualification, such as CRISC, CISA, CISM or CISSP certification, is highly preferred
Working knowledge of ISO 27001 & 27002, NIST CSF, ITIL, ISMS, COBIT is an advantage
Strong stakeholder and project management skills with excellent interpersonal, communication and report writing skills
Applications
You are invited to apply online via http://www.mtr.com.hk/mtr_job_en or send in your CV stating the position (with reference number) you are applying for by mail to Human Resource Management Department, MTR Corporation, G.P.O. Box 9916, Hong Kong on or before 13 March 2025.
For other job openings, please visit MTR Corporation's website for more details.
All information provided by applicants will be treated in strict confidence and used for recruitment purposes only. All personal data of unsuccessful applicants will be retained for 12 months for future recruitment purposes and will then be destroyed.
Primary Location: Hong Kong
Schedule: Full-time
Job Posting: 27/Feb/25, 5:28:29 PM
Closing Date: 13/Mar/25, 11:59:00 PM