Senior Technology Risk Manager /Technology Risk Manager (Cyber Security Control Division)

Roles and Responsibilities & Specific Requirements (Cyber Security): Formulate and manage cyber security policies, standards and procedures. Assist in planning of technology related risk management strategies, processes and work plans. Participate in Cyber Security projects for the design, development and implementation. Plan and conduct cyber security assessment and IT risk evaluation in area covering IT general controls, information asset management, access controls, cloud/server/endpoint/ net

Bank Of China (Hong Kong) Limited - Hong Kong - Full time

Salary: Competitive

Roles and Responsibilities & Specific Requirements (Cyber Security):
  • Formulate and manage cyber security policies, standards and procedures.
  • Assist in planning of technology related risk management strategies, processes and work plans.
  • Participate in Cyber Security projects for the design, development and implementation.
  • Plan and conduct cyber security assessment and IT risk evaluation in area covering IT general controls, information asset management, access controls, cloud/server/endpoint/ network/ middleware security review. Support the implementation of security initiatives to ensure the compliance with corporate information security policies and compliance standards.
  • Participate in organizing/conducting penetration test, red/blue/purple teaming exercises, vulnerability assessment, validation controls for local/overseas entities.
  • Provide Cyber Security incident response operation and support, work with local & regional SOC team to seek for continuous improvement for daily Cyber Security monitoring, incident analysis & investigation, incident response operation and support.
  • Experience in arrangement and co-ordination of cross-countries cyber incident response drills.
  • Experience in Security operations, managing SOC, Offensive security, Container security, CSPM, Threat Hunting, OSINT, Dark Web monitoring, Malware analysis, SecOps , Digital forensics , Attack surface management, managing Cloud/ISP/On-premises Anti-DDoS solution, AI/LLM security, Threat modeling, Supply chain cybersecurity and Vulnerability management.
  • Serve as a subject matter expert to support business units and cross-functional teams in identifying and addressing cybersecurity risks. Engage with various business units and teams to discuss risk issues and control gaps, and propose effective remediation strategies.
  • Research and evaluate on latest security threats and Cyber Threat Intelligence, stay informed about latest developments in cyber security field.
  • Familiar with technologies on Firewall, IDS, IPS, WAF, DNS Security, Email Security, SIEM, SOAR, DLP, UEBA, BAS, XDR, Deception, Generative AI/Machine Learning, Application of AI/ML/LLM/MCP/RAG libraries in Python , Zero Trust, Micro-segmentation, Unified endpoint management, SASE/SSE Solution, Database security, and Network/Cloud security are preferable.
  • Willing to travel to different oversea region occasionally to conduct regional cyber security assessment, provide cyber security incident and response support as well as to participate different training / red team exercises (eg. Asia Pacific area, Shenzhen and Shanghai).
General Job Requirements:
  • Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
  • At least 2 years of experience in IT security, technology risk management, compliance or IT audit function, gained from other sizable financial institutions
  • Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CISM. Industry-recognized cyber security certifications ,such as OSCP/OSCE/OSWE/OSEE/GXPN/GPEN/GCPN/GCIH/GSOC/ GCFA/OSDA/CCIE/CCNP, is preferable
  • Familiar with HKMA TM-E-1, TM-C-1, TM-G-1, C-RAF, PCI-DSS, ISO 27001, PDPO, NIST, MITRE ATT&CK, OWASP, Protection of Critical Infrastructures (Computer Systems) Bill or other security risk management framework or regulatory requirements is an advantage
  • Independent, strong self-initiative and with passion in cyber security professional.
  • Good command of written and spoken English with Mandarin is preferable and
  • Good communication and interpersonal skills.
  • Candidate with less experience or qualification will also be considered as Assistant Technology Risk Manager
Apply
22818084

OTHER ASIAXPAT SITES:

Ad