Business Function

Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

Responsibilities

• Partner with stakeholders across Group and Local Technology and Risk Management functions to assess and manage technology risks relating to areas such as Site Reliability Engineering, and Emerging Technology, including but not limited to Generative AI and Public Cloud
• Provide technology risk subject matter guidance and advisory to technology & operation T&O and line of business technology teams
• Implement and/or enhance frameworks and processes for governance, risk and control, operationalization of processes and procedures
• Support technology risk related project across business and support units such as up-life or enhance technology risk control and management project
• Develop and work on technology resilience related requirement on key third party and critical banking services
• Assist in driving and managing the agenda for the Hong Kong Technology Risk Forum, including preparation of content, and reviewing stakeholders’ material that will be presented
• Support Technology Risk Management on Group Technology Risk Forum, Hong Kong Operational and Technology Risk Committee, Hong Kong Risk Executive Committee, and the Hong Kong Board Risk Management Committee
• Provide subject matter advice and perform technology risk assessment on various initiatives including changes, new products, and outsourcing arrangements
• Enhance the risk culture across technology including training efforts to promote risk management and compliance awareness access technology units
• Investigate, analyze and advice on risk events and material technology incidents
• Engage with technology stakeholders to proactively identify risks at a detailed and technical level and ensure that IT is effectively driving remediation activities and to continuously improve IT risk posture
• Perform and validate the risk control self-assessment RCSA and residual risk process across technology with technology risk managers
• Liaise with legal and compliance, internal and external auditors, regulators and regulatory agencies on risk and compliance reviews on technology related activities

Requirements

• Degree holder, preferably in majoring in Information Systems or related discipline
• Minimum of 5 years in technology risk or information risk and control management in a financial services or banking environment, preferably with comprehensive experiences in regulatory engagement
• Knowledge of Information Security, System Resiliency & Availability & Software Development practices and frameworks preferred
• Familiarity with regulatory requirements, especially HKMA's requirements (e.g., TM-E-1, TM-G-1, SA-2, C-RAF) would be advantageous
• Holder of professional certificates such as CISA, CISSP, CISM and/or CRISC would be advantageous
• Good technical competencies and exposure to IT application or infrastructure development, support and management, experience in driving IT risk management via digital platform is a plus
• Proficient in English - spoken and written
• High integrity and professional work practice
• Strong analytical, teamwork capability and able to work independently
• Strong interpersonal communication, project management, and presentation skills at all levels.

Apply Now

We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.

We regret only shortlisted candidates will be notified.