Specialist I (Technology Risk Management)

Hong Kong Interbank Clearing Limited
in Hong Kong, Hong Kong, Hong Kong
Permanent, Full-time
Competitive
The incumbent will assist senior management in overseeing security and technology risks by ensuring controls are properly designed, implemented and operated as intended, and ascertain the consistency of risk assignment. S/he will be responsible for developing and maintaining corporate-wide information security policy, technology risk management process and ISMS in compliance with the ISO27001 standard.

Major Responsibilities

  • Develop and maintain corporate-wide information security policy, technology risk management process and ISMS in compliance with the ISO27001 standard
  • As a second line of defense, assist risk owners in identifying and measuring risks to build a corporate-wide security and technology risks profile
  • Assist senior management in overseeing security and technology risks by ensuring controls are properly designed, implemented and operated as intended, and ascertain the consistency of risk assignment
  • Review residual risk levels and control effectiveness to make recommendations for risk treatment
  • Interpret security key risk statistics for reporting to senior management on a regular basis
  • Coordinate the evaluation of emerging cyber threat scenarios for continuous improvement of cyber security response preparation in the Business Continuity Plan (BCP)
  • Promote security awareness and ensure compliance with applicable security standards
  • Participate in cyber threat intelligence analysis to gauge the prevailing cyber threat landscape, and make recommendations on improving the company risk posture
  • Review and make recommendations on the use of Open Source Software (OSS) and freeware
  • Perform security administration including corporate level user identity and access management, privileged account management, digital certificates renewal, etc. when required
  • Execute security operation procedures in accordance with the corporate information security policy and guidelines when required
  • Keep abreast of technological knowledge in the managed area of responsibility, and provide recommendations for adaptation of new security technologies and standards with reference to prevailing industry best practices
  • Perform other job duties as assigned by the supervisors

Requirements

  • University degree preferably in information technology, information security or related discipline
  • Minimum 4 years of experience in information security or technology risk management field
  • Holder of security certificates - CRISC, CISA, CISM, CISSP or other equivalent certificates is preferred
  • Practical experience and knowledge in risk management framework and methodology
  • Knowledge in security control frameworks such as C-RAF published by the HKMA or ISO27001 standard, etc.
  • Experience in working for major financial institutions
  • A good team player with sound interpersonal and communication skills
  • Good command of spoken and written English and Chinese
  • Candidates with less experience may be considered for appointment as Specialist II (Technology Risk Management)