As a Second Line of Defense (2LoD) Senior Operational Risk Manager with a technology focus, reporting to the lead of operational risk, you will provide independent oversight and validation of IT risk management activities, ensuring robust governance and risk mitigation across the organization. Leveraging your expertise in technology risk, vulnerability assessment, and cybersecurity controls, you will assess first-line risk management practices, advise on emerging threats, and ensure alignment with operational risk frameworks. This role requires strong collaboration with IT, cybersecurity teams, business units and other risk teams to safeguard the organization against evolving risks.
Main Responsibilities:
- Act, within the second line of defense, as the independent validator of IT risk management activities performed by the first line
- Review and assess the IT control documentation under various technology risk management frameworks
- Advise on technology risks related to virtual asset activities
- Partner with the operational risk team to assess the adequacy and effectiveness of BCP set-up across reporting units
- Liaise with the operational risk team to follow up on technology risk issues identified through RCSA and KRI processes
- Liaise with the operational risk team to investigate IT incidents, assess remedial action plans and perform follow-up procedures
- Review and advise on technology-related policies
- Provide independent risk insights to stakeholders, translating vulnerabilities into business impact and advising on control enhancements
- Assist in other technology-risk-related reporting, collaboration, and risk management initiatives
Education:
- Bachelor's/Master's degree in cybersecurity, IT, risk management, or a related field with a strong IT background
Qualifications:
- 7+ years in IT risk, cybersecurity, or operational risk, with at least 3 years in a 2LoD or advisory/audit/challenge role focusing on IT risk.
- Hands-on knowledge of vulnerability assessment, risk frameworks (NIST, ISO 27005), and cloud security risks
- Familiar with virtual asset risks, regulatory compliance and incident management
- Ability to work independently and collaboratively in a fast-paced environment.
- Ability to influence and build consensus across teams.
- Strong critical thinking to challenge first-line assumptions and controls.
We offer an attractive remuneration package to the right candidate. Interested parties, please forward your full resume with availability and expected salary by pressing "Apply now" or sending it to 27/F., Low Block, Grand Millennium Plaza, 181 Queen's Road, Central, Hong Kong.
(Data collected will be kept strictly confidential and used for recruitment purposes only.)