IT Risk Manager

ConnectedGroup Limited - Hong Kong - Full time

Salary: HKD65000 - HKD70000 per month

We are seeking an experienced Technology Risk Manager with a proven track record in cybersecurity and IT risk management. The ideal candidate will have 10+ years of experience in managing IT risk frameworks, controls, and regulatory compliance, particularly within the Hong Kong governance landscape. This role will lead IT risk-related activities, including maintaining the IT risk register, conducting risk and control assessments, and managing security exemption processes. A strong understanding of technical security controls across infrastructure, applications, and identity/access management is essential.

Responsibilities of the Role:

  • Lead IT risk and control assessments across infrastructure, applications, and private cloud environments.
  • Develop, maintain, and continuously improve the IT risk register.
  • Manage the IT security exemption process, ensuring proper documentation and risk evaluation.
  • Act as the primary point of contact for internal and regulatory inquiries related to IT risk and security.
  • Oversee security documentation, including policies, procedures, and assessment reports, ensuring accuracy and compliance.
  • Provide oversight on the implementation of IT risk mitigation measures and escalate issues when necessary.
  • Drive continuous improvement in IT risk governance and control practices.

Required Skills for the Role:

  • Minimum 10 years of experience in IT risk management, cybersecurity, or related fields.
  • Strong understanding of IT controls and risk frameworks (e.g., COBIT, NIST, ISO 27001).
  • Familiarity with Hong Kong regulatory requirements and governance standards for IT security.
  • Proven experience in conducting IT risk assessments and managing control processes.
  • Excellent written and verbal communication skills in English.
  • Strong analytical and critical thinking skills with attention to detail.
  • Ability to manage multiple priorities and complex tasks effectively.
  • Relevant certifications (e.g., CISM, CRISC, CISSP, ISO 27001 Lead Auditor) are highly desirable.
