Assistant General Manager, Governance, Risk Management & Compliance
China CITIC Bank International Limited
April 1, 2021
Lead the team to strengthen the first line of defense, improving oversight of technology risk management with higher technical competence to support the Bank's rapid Fintech development and transformation initiatives.
Maintain and uphold the risk governance and management framework
Develop new, and maintain existing, Information Security / Cyber Security Policies, Standards and Guidelines in accordance with regulatory requirements and industry standards.
Organize and plan the corresponding actions to align with HKMA's Cybersecurity Fortification Initiative (CFI), including but not limited to conducting risk and maturity assessments, adopting the intelligence-sharing platform, and professional development.
Ensure IT practices and controls are adequately developed to address customer data leakage risk.
Manage the performance review of IT outsourcing and service providers in relation to their compliance with regulatory requirements and the Bank's internal policy.
Provide consultancy and advice to the adoption of emerging
Organize bank-wide awareness or education programs to promote the security culture of the Bank.
Coordinate and respond to audit findings related to cybersecurity issues to satisfy the compliance requirements expected by regulators and auditors.
Uplift staff awareness of regulatory requirements on cybersecurity through proper communication and training.
Train and equip team staff to ensure they have the ability to perform the required work and can keep pace with ever-changing technology.
Identify and retain talent with career progression plans. Plan back-up and contingency arrangements to minimize impact on existing service levels.
Conduct technology risk assessment for all internal application systems
Seasoned practitioner in TRM or Audit or Information Security Management.
Thorough knowledge of risk management practices in IT infrastructure, IT applications and service management.
Good at issue reporting/presentation and stakeholder management
Familiar with regulatory requirements such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, CBRC, FFIEC, etc.
Familiar with industry compliance requirements such as PCI-DSS, SWIFT CSP, etc.
Knowledge of overseas banking regulatory requirements, particularly in Singapore, China, Macau and the US, is an advantage.
Good understanding of industry best practices, e.g. ISO 27001, COBIT, etc.
Degree holder in Information Technology or related discipline.
At least 12 years' experience in audit, technology risk management or information security management.
At least 6 years' experience in people management.
Has obtained the Core / Professional level qualification as a Relevant Practitioner under the HKMA ECF on Cybersecurity.
Certification in CISSP, CISA, CISM or another recognized certificate is a must.