Technology - China Risk Officer for Enterprise Technology & Risk - Associate - Hong Kong

  • Competitive
  • Hong Kong Hong Kong Hong Kong HK
  • CDI, Plein-temps
  • Morgan Stanley
  • 21 mai 18 2018-05-21

See job description for details


Department Overview

Enterprise Technology & Risk is a global division within Morgan Stanley?s Technology organization. The Division is made up of a number of groups which include: End User Technology, Core Infrastructure, Quality Assurance & Production Management and Technology and Information Risk.

The ETR Risk function is responsible for establishing and governing globally consistent and effective risk management strategies, policies and standards. Its mission is to deliver programs that protect and enable the business, ensure secure delivery of services to our clients, adjusts to address the risks presented by an evolving threat landscape and meet regulatory expectations.

The ETR Risk Officers are accountable for the practices associated with technology operational risk awareness, identification, assessment, reporting, governance, management, mitigation and/or acceptance, and policy compliance across the ETR organisation.

The ETR Risk Officer function aims to promote a risk aware culture across enterprise technology, providing management team with the necessary information, tools and training to ensure a proactive and informed approach to risk management. Additionally the team is responsible for divisional compliance with a number of mandatory initiatives to meet the requirements of internal audit and external regulators.

The ETR team is recruiting for China risk officer role with a focus on China Bank (MSBIC) coverage, supporting China regulatory and regional risk and control self-assessment programs and governance programs impacting China Bank, providing a direct support and liaison for senior Asia Divisional management and China country management.

This role requires solid experience in technology risk management in a regulated China environment, along with prioritization management, presentational and influencing capability.

Role Overview

The role requires someone who is analytical and can quickly move between highly technical problem solving and providing senior management overviews, provide consultative support to the department by giving advice on best practices and driving risk compliance to meet local regulations and established IT control policies, processes and procedures in the region.

Responsibilities will include:
- Management and coordination of remediation work to reduce the level of risk within the Division.
- Providing Country and Divisional Management with regular progress updates on risk responses from across the risk and control agenda through regular reporting to management via respective Risk Committees.
- Working with Country and Divisional representatives to ensure the completeness and appropriateness of key risk and control related data. Working with data owners and Divisional management to identify risk remediation approaches.
- Monitoring China Bank compliance with the Global Technology Policy and Standards
- Assisting with the identification, assessment and management of agreed responses to risks and engagement with relevant governance committees.
- Providing timely support during audit and regulatory activity. This includes responding to audit requests, providing status updates to Country and Divisional management, supporting management in agreeing and prioritising responses to Audit findings and providing ongoing monitoring of the progress on Audit issues and actions.
- Managing the relationship with our External Auditors and acting as the key point of contact during the annual testing cycle.
- Monitoring the timely completion of the event-driven Asset level assessments and Supplier Assessments, as required and undertake appropriate quality assurance.
- Engaging with Firmwide risk and control groups, including Business Risk Management, Operational Risk and Internal Audit.



Qualifications:


Skills Required:

- Bachelor's degree with minimum 5 years experience

- Native oral and written communication skills in Mandarin
- Understanding of Operational Risk and associated regulations, and the associated application to a technology division within Financial Services.
- Experience of regulatory engagements and internal audits, particularly experience in dealing with the regulators in China (CBRC, PBOC, SAFE, CSRC) and local industry forums.
- Project / Program Management experience.
- Strong analytical and problem-solving skills.
- Proficiency in MS Office and related applications (Word, Excel, PowerPoint, Access, Visio, Project).

Skills Desired:
- Professional industry certification: CISM, CISA, CISSP.
- Knowledge of COBIT and ITIL frameworks for risk assessment.
- Experience in working with different regions and time zones.
- Knowledge of multiple operating systems (Windows, Linux, OSX).
- Knowledge of security concepts (authentication/authorization/cryptography)
- Knowledge of networks and firewall infrastructure