Technology Risk Manager
Position Summary:
We are seeking an experienced Technology Risk Manager with over 10 years of expertise in cybersecurity and IT risk management. The ideal candidate will have a strong understanding of IT controls, risk frameworks, and regulatory requirements, particularly within the Hong Kong governance landscape. This role will be responsible for managing IT risk-related activities, including the development and maintenance of the IT risk register, conducting IT risk and control assessments, and overseeing the IT security exemption process. A solid grasp of industry best practices and emerging trends in IT risk and security is essential. The ideal candidate will possess a good understanding of technical security controls across diverse technology domains, including infrastructure, applications, and access management.
Key Responsibilities:
- Lead IT risk and control assessments across infrastructure, applications, and private cloud environments.
- Develop, maintain, and continuously improve the IT risk register.
- Manage the IT security exemption process, ensuring proper documentation and risk evaluation.
- Act as the primary point of contact for client and regulatory inquiries related to IT risk and security.
- Oversee security documentation, including policies, procedures, and assessment reports, to ensure it is kept up to date.
- Provide oversight on the implementation of IT risk mitigation measures and escalate issues when necessary.
- Drive continuous improvement in IT risk governance and control practices.
Required Qualifications:
- Minimum 10 years of experience in IT risk management, cybersecurity, or related fields.
- Strong understanding of IT controls and risk frameworks (e.g., COBIT, NIST, ISO 27001).
- Familiarity with Hong Kong regulatory requirements and governance standards for IT security.
- Proven experience in conducting IT risk assessments and managing control processes.
- Excellent written and verbal communication skills in English.
- Strong analytical and critical thinking skills with attention to detail.
- Ability to manage multiple priorities and complex tasks effectively.
- Relevant certifications (e.g., CISM, CRISC, CISSP, ISO 27001 Lead Auditor) are highly desirable.
Preferred Attributes:
- Strategic mindset with a hands-on approach to problem-solving.
- Ability to influence and engage stakeholders at all levels.
- Experience working in regulated industries (e.g., finance, healthcare) is a plus.
Hong Kong, HK