Assistant Vice President, Technology and Operational Risk

The Job:

• Technology and Operational Risk
  • Support the design or enhance the operational risk policies to ensure the Enterprise Risk Management (ERM) framework is embedded in the business activities
  • Update the current risk assessment and control process which includes risk appetite, tolerance and limits, and provide analysis and follow-up on the closure of related management actions and recovery plan
  • Facilitate completion of Risk Control Self-Assessment (RCSA) and Regulatory Requirement Self-Assessment across Technology and Operational
  • Perform new service risk assessments to identify control gaps, execute risk mitigation projects and provide support to stakeholders on matters relating to regulatory, risk and corporate governance
  • Review initiatives in accordance with regulatory bodies’ requirements (such as HKMA SPM, TM-E-1, TM-G-1, SA-2, OR-2, C-RAF, iCAST)
  • Assessing the regulatory change impacting technology, operational and driving related risk mitigation programs with stakeholders
  • Implement and update security policies and procedures to maintain the technology risk level for the business unit
  • To maintain risk register and communicate the identified risks and impacts with stakeholders
  • Follow up independent assessment, internal audit, security penetration test issues in a timely and controlled manner
  • Conduct an independent review of incidents and related information to ensure the prevention, detection, containment and correction
  • Conduct and manage technology risk for 3rd party service providers
  • Co-ordinate Business Continuity Plan

• Others
  • Train and develop team and support needs from other departments related to risk managementPromote and implement the risk analytics and data-driven
  • Provide recommendations to senior executives for any potential problems & risks adhere to existing operation work flow and policies
  • Support needs from other stakeholders related to risk management
  • Ad hoc task as assigned by supervisor
     

To succeed in this role:

• Degree holder in Information Technology or related disciplines; Add-on with professional certifications like CISA/CISM/CISSP/CCSP/CRISC, and similar certifications.
• Minimum 7 years' of relevant experience, preferably with banking or financial institutions experience, in compliance, technology risk, or IT audit (either 1st line or 2nd line of defense)
• Knowledge with NIST CSF, ISO 27001, OWASP Top 10
• Knowledge in Cloud, Mobile App, API Security, PCI-DSS
• Sound knowledge of Information Security, System Resiliency & Availability & Software development practices, Application Security and frameworks preferred
• Good project management skill
• Strong knowledge of risk management, controls and processes
• Familiar with financial services industry including prepaid card / credit card process, Merchant Services and ecommerce.
• Keen interest in startup environment, fintech trends and sound knowledge of banking and financial products
• Strong leadership, communication and stakeholders management, analytical and problem-solving skills
• Great sense of ownership, self-motivated, work independently as well as being a good team player; Multi-tasked and able to work under tight timelines
• Proficiency in both English and Chinese