Responsibilities:

• Establish and review security policies and operational process periodically for security control enhancement, and ensure alignment with BOC Group standards and regulatory requirements.
• Develop procedures for managing risk to enforce necessary policies and guidelines in daily operations.
• Monitor and provide guidance to the first line of defense on technology risk management tools, assist in identifying, assessing, monitoring and controlling technology risks, and recommend appropriate mitigation strategies.
• Prepare regular reports on the technology risk status for the Group and relevant stakeholders.
• Analyze the effectiveness of controls from a technology risk perspective during due diligence of new products/ service propositions and incident responses, provide security advice and recommendations for IT solutions and systems.
• Oversee technology risk-related regulatory examinations and communication, conduct risk reviews, provide recommendations to mitigate control weaknesses, and track the progress of remedial actions.
• Develop and implement measures to meet regulatory requirements regarding cybersecurity risk.

Requirements:

• Bachelor Degree holder or above with major in information Technology or related disciplines.
• At least 4 years’ solid experience in IT security, technology risk or IT audit field, preferably gained in pension fund or finance industry.
• Sound knowledge of the requirement of regulatory bodies and industrial standards in technology risk management.
• Work independently and under pressure.
• Detailed-oriented, good analytical and interpersonal skills.
• Strong communication skills (including in Cantonese, Mandarin, English) and a team player.
• Proficiency in preparing presentation materials and reports in Chinese will be an advantage.
• Holders of Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified Information Systems Manager (CISM) is preferred.

All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.