Responsibilities:
- Assist in driving initiatives to discover, assess and report on new and existing risk matters
- Provide support during pre-audit, audit and post-audit activities
- Assist 1st line of defense (LoD) in the self-identification of control gaps which may lead to audit findings
- Assist in the review of Risk and Control Self-Assessment (“RCSA”) arising from outsourcing, projects and new products for all key business lines/operations according to the agreed timeframe and requirements
- Assist in monitoring the completeness and appropriateness of key risk and control data/activities; assess and report on control operation and effectiveness
- Assist in performing gap analysis on regulatory requirements, including HKMA and MAS technology risk related areas
- Assist and support during regulatory exam and external audit (including Independent Assessment)
- Assist in monitoring risk trends through KRI and the effectiveness of technology controls, and in staying updated on industry trends and best practices
- Ensure the quality of root cause analysis of major incidents and the timely completion of remediation actions
Requirements:
- Degree holder in Information Technology, Information System or related disciplines.
- 4 to 6 years' experience in IT and/or Information Security / Technology Risk Management; candidates with more experience will be considered as Senior Manager
- Experience in Business Continuity/Disaster Recovery Management would be an advantage
- Good understanding of industry best practices e.g. ISO27001, COBIT, ITIL etc.
- Experience in Big 4 or financial institution will be an advantage.
- Sound knowledge of Information Security, System Resiliency & Availability, Software Development Practices and Application Security
- Thorough knowledge of Tech Risk Management, ITIL and COBIT would be an advantage
- CISSP, CISA, CISM certification is a definite advantage.
- Knowledge in Operational Risk Management especially Technology & Cyber Risk
- Good command of written and spoken English and Chinese (including Putonghua)
For more details about career opportunities with the Bank, please visit our website https://www.cncbinternational.com/careers/en/index.jsp Please apply with full resume stating current and expected salaries.
Personal data collected will be used for recruitment related purposes only. Applicants not invited for interview within 6 weeks may consider their applications unsuccessful. However, applicants may be considered for other suitable positions within the Group for a period of not more than 2 years. Personal data will be destroyed at any time after 3 months.
China CITIC Bank International is committed to being an equal opportunities employer and intends to provide a work environment free of unlawful discrimination or harassment. All employment decisions will be made in a non-discriminatory manner.