Assistant General Manager, Governance, Risk Management & Compliance

China CITIC Bank International Limited
in Hong Kong, Hong Kong, Hong Kong
Permanent contract, Full-time
Last application, 10 Jul. 20
Technology risk/ IT security team lead

Key Responsibilities:

• Lead the team to strengthen the 1st line of defense to improve oversight of technology risk management with higher technical competence to support the rapid Fintech development and transformation initiatives
• Maintain and uphold the risk governance and management framework
• Develop new, or maintain existing, Information Security / Cyber Security Policies, Standards and Guidelines according to regulatory requirements and industry standards
• Organize and plan the corresponding actions to align with HKMA’s Cybersecurity Fortification Initiative (CFI) including but not limited to conducting risk and maturity assessment; adoption of intelligence sharing platform; and professional development
• Ensure IT practices and controls are adequately developed to address customer data leakage risk
• Manage the performance review of IT outsourcing and service providers in relation to their risk compliance with regulatory requirement and Bank’s internal policy
• Provide consultancy and advice to the adoption of emerging
• Organize bank-wide awareness or education programs to promote the security culture of the Bank
• Coordinate and respond to audit findings related to cybersecurity issues to satisfy the compliance requirements expected by regulators and auditors
• Uplift the staff awareness on regulatory requirement on cybersecurity by proper communication and training
• Train/equip team staff and ensure they have the ability to perform the required work and can face the ever-changing technology
• Identify and retain talent with a career progression plan. Plan back-up and contingency to minimize impact to existing service levels
• Conduct technology risk assessment for all internal application systems
• Liaise with external 3rd parties to conduct independent assessments


• Degree holder in Information Technology or related discipline
• At least 12 years' experience in audit, technology risk management or information security management
• At least 6 years’ experience in people management
• Obtained Core / Professional level qualification of Relevant Practitioner under HKMA ECF on Cybersecurity
• Certified in CISSP, CISA, CISM or other recognized certificate is a must
• Seasoned practitioner in TRM or Audit or Information Security Management
• Thorough knowledge of risk management practices in IT Infrastructure, IT Application and Service Management
• Good at issue reporting/presentation and stakeholder management
• Familiar with regulatory requirements such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, CBRC, FFIEC, etc.
• Familiar with industry compliance requirements such as PCI-DSS, SWIFT CSP, etc.
• Knowledge of overseas banking regulatory requirements, particularly in Singapore, China, Macau and US is an advantage
• Good understanding of industry best practices e.g. ISO27001, COBIT etc

For more details about career opportunities with the Bank, please visit our website. Please apply with full resume stating current and expected salaries.
Personal data collected will be used for recruitment related purposes only. Applicants not invited for interview within 6 weeks may consider their applications unsuccessful. However, applicants may be considered for other suitable positions within the Group for a period of not more than 2 years. Personal data will be destroyed at any time after 3 months.
China CITIC Bank International is committed to being an equal opportunities employer and intends to provide a work environment free of unlawful discrimination or harassment.  All employment decisions will be made in a non-discriminatory manner.