Responsibilities:

• Lead the team to strengthen the 1st line of defense to improve oversight of technology risk management with higher technical competence to support the rapid Fintech development and transformation initiatives.
• Maintain and uphold the risk governance and management framework
• Develop any new required or maintain existing Information Security / Cyber Security Policy, Standard and Guideline according to regulation requirement and industry standard.
• Organize and plan the corresponding actions to align with HKMA's Cybersecurity Fortification Initiative (CFI) including but not limited to conducting risk and maturity assessment; adoption of intelligence sharing platform; and professional development.
• Ensure IT practices and controls are adequately developed to address customer data leakage risk.
• Manage the performance review of IT outsourcing and service providers in relation to their risk compliance with regulatory requirement and Bank's internal policy.
• Provide consultancy and advice to the adoption of emerging
• Organize bank-wide awareness or education program to promote the security cultures of the Bank.
• Coordinate and response to audit findings in related to Cybersecurity issues to satisfy the compliance requirement as expected by regulators and auditors.
• Uplift the staff awareness on regulatory requirement on cybersecurity by proper communication and training.
• Train/equip team staff and ensure they have the ability to perform the required work and can face the ever-changing technology.
• Identify and retain talents with career progression plan.  Plan back-up and contingency to minimize impact to existing servicing level.
• Conduct technology risk assessment for all internal application systems

Requirements:

• Seasoned practitioner in TRM or Audit or Information Security Management.
• Thorough knowledge of risk management practices in IT Infrastructure, IT Application and Service Management
• Good at issue reporting/presentation and stakeholder management
• Familiar to regulatory requirements such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, CBRC, FFIEC and etc.
• Familiar to industry compliance requirements such as PCI-DSS, SWIFT CSP and etc.
• Knowledge of overseas banking regulatory requirements, particularly in Singapore, China, Macau and US is an advantage
• Good understanding of industry best practices e.g. ISO27001, COBIT etc.
• Degree holder in Information Technology or related discipline.
• At least 12 years' experience in audit, technology risk management or information security management.
• At least 6 years' experience in people management.
• Obtained Core / Professional level qualification of Relevant Practitioner under HKMA ECF on Cybersecurity
• Certified in CISSP, CISA, CISM or other recognized certificate is a must