Senior / Technology Risk Manager (Cyber Security Control Division)

Roles and Responsibilities & Specific Requirements (Application Security): Assist in reviewing IT initiatives and provide advisory from technology risk perspectives Assist to establish and review policies, guidelines, procedures in application security area Provide advisory and practical guidance to support technology risk and information security assessments, include vulnerability scanning, penetration test etc. Conduct regular assessment on application security Familiar with security testing t

Bank Of China (Hong Kong) Limited - Hong Kong - Full time

Salary: Competitive

Roles and Responsibilities & Specific Requirements (Application Security):

Assist in reviewing IT initiatives and provide advisory from technology risk perspectives
Assist to establish and review policies, guidelines, procedures in application security area
Provide advisory and practical guidance to support technology risk and information security assessments, include vulnerability scanning, penetration test etc.
Conduct regular assessment on application security
Familiar with security testing tools e.g. Fortify, AppScan and Nessus, technologies on DevSecOps and industry good practice OWASP is preferable

Roles and Responsibilities & Specific Requirements (Cyber Security):

Provide Cyber Security incident response operation and support.
Experience in OSINT, malware analysis and digital forensics.
Research and evaluate on latest security threats and Cyber Threat Intelligence.
Participate in Red & Purple Teaming exercises.
Familiar with technologies on Firewall, IDS, IPS, SIEM, SOAR and Network/Cloud Infrastructure is preferable.

Roles and Responsibilities & Specific Requirements (Platform Security):

Research and evaluate latest trend & technologies on information security and fintech area, such as FinTech, Artificial Intelligence, Big Data, Cloud Computing etc
Conduct regular assessment on data center security

General Job Requirements:

Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
Over 2 years of experience in IT security, technology risk, risk management, compliance or IT audit function, gained from other sizable financial institutions
Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CRISC is preferable.
Familiar with HKMA TM-E-1, PCI-DSS, ISO 2700-series or other security risk management framework is an advantage
Good command of written and spoken English with Mandarin is preferable and
Good communication and interpersonal skills;

Apply

22406494

Specific Advice

Regionally Shared Advice

Senior / Technology Risk Manager (Cyber Security Control Division)

Specific Advice

Regionally Shared Advice

OTHER ASIAXPAT SITES: