Vice President - IT Risk & Control

Hong Kong Exchanges and Clearing Limited - Hong Kong - Full time

Salary: Competitive

Company Introduction:

We're home to Asia's most dynamic and vibrant capital markets.
Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day.

HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all."

Job Summary:
HKEX CTO Office and Process, Risk and Control ensures process quality, proactively reviews, assesses and remediates risks and improves control effectiveness of IT operations and administration.

Job Responsibilities:
Control Design, Testing & Validation (Line 1.5 Assurance)
  • Design, execute, and oversee risk-based control testing programs to validate the design and operating effectiveness of technology controls across infrastructure, cybersecurity, cloud, and application environments.
  • Perform independent Line 1.5 testing and thematic reviews, providing objective challenge while remaining close to BAU technology operations.
  • Ensure testing approaches align with internal control frameworks, regulatory expectations, and audit standards.
Audit Ready & Regulatory Assurance
  • Act as the technology audit readiness lead, reviewing evidence quality, control narratives, and documentation to ensure defensibility for auditors and regulators.
  • Proactively simulate audit and regulatory inquiries, identifying potential gaps before formal reviews.
  • Coordinate technology responses to audit observations, regulatory reviews, and management actions.
Risk & Control Self-Assessment
  • Lead and facilitate IT critical processes and controls development, guiding teams in identifying key risks, assessing inherent and residual risk, and defining effective control measures.
  • Challenge risk ratings, control design, and assumptions to ensure consistency, accuracy, and completeness.
  • Drive alignment between assessment outputs, control testing results, incidents, and audit findings.
Incident, Issue & Remediation Oversight
  • Provide oversight of technology incidents, control breaches, and audit issues, ensuring timely root cause analysis and sustainable remediation.
  • Track and challenge remediation plans arising from audits, incidents, and risk assessments to ensure closure quality and effectiveness, not just completion.
  • Identify systemic issues and recurring themes, escalating material risks to senior management where appropriate.
Risk Reporting & Senior Management Engagement
  • Develop and maintain meaningful KRIs and KPIs to monitor technology risk exposure, control health, and remediation progress.
  • Deliver concise, insightful reporting and presentations to the technology risk management committee.
Job Requirements:
  • Bachelor's or master's degree in Computer Science, Information Technology, Engineering, or a related discipline.
  • 8-12+ years of experience in technology risk, IT risk assessment, information security, or control assurance, ideally within banking, financial services, or regulated environments.
  • Demonstrated experience operating in or alongside a Line 1.5 risk and control function, with strong understanding of first-line technology operations.
  • Proven ability to engage credibly with senior technologists, auditors, and risk stakeholders.
  • Relevant professional qualifications (e.g., CISA, CISSP, CISM) or equivalent preferred.
  • Strong knowledge of IT general controls, application controls, cybersecurity, cloud technologies, and SDLC (Agile/DevOps).
  • Ability to assess complex technical environments and translate them into clear risk and control insights.
  • Excellent stakeholder management, communication, and influencing skills, with the confidence to challenge constructively.
  • Strong judgment, independence of thought, and a solution-oriented mindset.
HKEX is committed to being an Equal Opportunity Employer. Diversity is one of our core values and we look to support and respect diverse perspectives, abilities, cultures and experiences within our workplace.

Location:
HKEX - TKO

Shift:
Standard - 40 Hours (Hong Kong SAR)

Scheduled Weekly Hours:
40

Worker Type:
Permanent
23876286