Assistant General Manager, Governance, Risk Management and Compliance

Talent Axis
in Hong Kong, Hong Kong, Hong Kong
Permanent contract, Full-time
Last application, 14 Jul. 20
Our client, a well-established Bank in Hong Kong, is looking for a high-calibre candidate to join their Group:


  • Manage the performance review of IT outsourcing and service providers in relation to their risk compliance with regulatory requirements and the Bank’s internal policy
  • Organize and plan the corresponding actions to align with HKMA’s Cybersecurity Fortification Initiative (CFI), including but not limited to conducting risk and maturity assessments, adoption of an intelligence sharing platform, and professional development
  • Lead the team to strengthen the 1st line of defense to improve oversight of technology risk management with higher technical competence to support the rapid Fintech development and transformation initiatives
  • Develop new, or maintain existing, Information Security / Cyber Security Policies, Standards and Guidelines as required, according to regulatory requirements and industry standards
  • Ensure IT practices and controls are adequately developed to address customer data leakage risk
  • Maintain and uphold the risk governance and management framework
  • Provide consultancy and advice to the adoption of emerging
  • Organize bank-wide awareness or education programs to promote the security culture of the Bank
  • Coordinate and respond to audit findings related to cybersecurity issues to satisfy the compliance requirements expected by regulators and auditors
  • Liaise with external 3rd parties to conduct independent assessments
  • Uplift staff awareness of regulatory requirements on cybersecurity through proper communication and training
  • Train/equip team staff and ensure they have the ability to perform the required work and can face ever-changing technology
  • Identify and retain talent with a career progression plan. Plan back-up and contingency to minimize impact on the existing service level
  • Conduct technology risk assessment for all internal application systems



  • Degree holder in Information Technology or related discipline
  • At least 12 years' experience in audit, technology risk management or information security management
  • At least 6 years’ experience in people management
  • Obtained Core / Professional level qualification of Relevant Practitioner under HKMA ECF on Cybersecurity
  • Certification in CISSP, CISA, CISM or another recognized certificate is a must
  • Seasoned practitioner in TRM or Audit or Information Security Management
  • Thorough knowledge of risk management practices in IT Infrastructure, IT Application and Service Management
  • Good at issue reporting/presentation and stakeholder management
  • Familiar with regulatory requirements such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, CBRC, FFIEC, etc.
  • Familiar with industry compliance requirements such as PCI-DSS, SWIFT CSP, etc.
  • Knowledge of overseas banking regulatory requirements, particularly in Singapore, China, Macau and US is an advantage
  • Good understanding of industry best practices, e.g. ISO27001, COBIT, etc.