Technology Risk Consultant Technology Risk Consultant …

Pacific Focus
à Hong Kong, Hong Kong, Hong Kong
CDI, Plein-temps
Soyez parmi les premiers à postuler
Attractive Package + Bonus
Pacific Focus
à Hong Kong, Hong Kong, Hong Kong
CDI, Plein-temps
Soyez parmi les premiers à postuler
Attractive Package + Bonus
Our client is a global top tier investment bank. They are looking for an experienced candidate to be part of the global team to support the risk function of enterprise technology & risk divisions.

This role requires solid experience in technology risk management in a regulated China environment, along with team management, presentational and influencing capability. The role requires someone who is analytical and can quickly move between highly technical problem solving and providing senior management overviews, provide consultative support to the department by giving advice on best practices and driving risk compliance to meet local regulations and established IT control policies, processes and procedures in the region.

 

Responsibilities

  • Manage the overall engagement of the Division with Firmwide risk and control groups as appropriate. This includes TR (Technology Risk department) Identity and Access Management, ORD (Operational Risk Department) and Internal Audit
  • Manage the engagement with TR in support of agreed controls to monitor and coordinate the implementation and adoption of all applicable processes and tools.  Determine the scope and manage the execution of any necessary remediation work to achieve the agreed level of adoption in the Division. For Identity and Access Management, for example, this includes the use of approved provisioning tools, the definition of entitlements models, technology Segregation of Duty tagging, entitlements classification
  • Manage the engagement with TR to collaborate on the design of new controls or control process for use across Technology.  In addition, facilitate the deployment and adoption of new controls and control processes and facilitate the setting of scope for such activity within the Division
  • Monitor the completeness and appropriateness of key risk, control related data, raise concerns with data owners, and escalate to Divisional management if required. This includes Divisional risk data in the risk register and in the Firm’s issue and action plan tracking system (OpenPages), Technology Asset Inventory (TAI) reference data, Technology Access Management (TAM) related roles and Business Continuity data
  • Review and approve certain control related reference data in TAI. This includes new assets, new teams and changes to Segregation of Duty tagging
  • Ensure management awareness and governance around progress on risk responses from across the risk and control agenda through regular reporting to management (e.g. DIRC).  This includes SOX, Audit and Regulatory Open Page issues and actions; Risk Register remediation actions and actions arising from Formal Assessments
  • Monitor the regulations development, provides regulatory guidance to other technology departments. Provide regulatory response in the ETR areas. If needed, communicate with regulator to understand more detailed regulatory requirements
  • Oversight the China entity specific technology risk being properly response and oversight the legal entity technology policies / standards in alignment with both firm’s objective, and regulatory expectations being properly maintained and complied
  • Provide advice to various China Technology Governance Forum for risk remediation or risk updates.

 

Requirements

  • Knowledge and understanding of infrastructure technologies and / or security technologies
  • Self-starter able to complete role with minimal supervision, paying close attention to detail
  • Knowledge and understanding of infrastructure technologies and / or security technologies
  • 10 – 15 years of experience in technology risk management in the financial services or other regulated industry
  • Degree level qualification: bachelor’s degree
  • Certifications in the IT Risk area such as CISA, CISSP / CISSM (or equivalent) would be an advantage
  • Strong project management skills; proven ability to prioritize business objectives and effectively manage regulatory agenda in a dynamic environment

 

 

Close
Loading...