OCBC Wing Hang Bank Limited
Assistant Vice President / Manager, Information Security & Digital Risk Management | HK Talent Engage
Published 2023-06-02 00:00:00
Job description
Responsibilities
- Support the implementation of risk management framework for technology, information and cyber risk domains in collaboration with relevant stakeholders including Group counterparts, technology teams, business / support units and other risk management functions.
- Formulate, review and update risk management framework and supporting policies and guidelines which incorporate applicable Group standards, industry practices, and regulatory requirements.
- Organize the ISDRM-related risk management committee and related working groups as the secretariat and represent ISDRM in various Group and local risk governance meetings and forums whenever required.
- Assist in preparing and delivering regular risk reports, analysis and metrics (e.g. KRIs) on the Bank’s overall security posture for the Board and senior management.
- Provide advice, support and challenge on technology, information and cyber risk domains associated with new products, major technology / Fintech initiatives, strategic digital transformation projects and third-party arrangements (e.g. cloud computing, APIs).
- Conduct or participate in thematic reviews and compliance assessments over emerging risks (e.g. DDoS attacks) and regulatory guidelines (e.g. C-RAF’s Maturity Assessment & iCAST).
- Monitor and perform independent review of specific aspects of day-to-day risk management activities conducted by the first line of defense (i.e., technology teams), covering risk assessment & acceptance, incident response, change management and implementation of key controls or remediation actions.
- Work alongside the Group counterparts to plan and take part in the risk awareness, training and testing programs for all staff.
- Support or coordinate internal and external audits, and regulatory examinations or communications with respect to technology, information and cyber risk domains.
Requirements
- Degree holder in technology, computer science, information security, business or related disciplines
- At least 5 years of relevant experience in information security, cyber / technology risk or technology audit gained in the financial services industry (FSI) or in professional services serving FSI clients.
- CISM, CISSP, CISA or other recognized certificates under ECF on Cybersecurity for second line of defence required
- Strong risk management mindset. Solid understanding of the IT environment, threat landscape and technology/information/cyber controls, including relevant industry standards (e.g. ISO/IEC 27001) and regulatory guidelines (e.g. HKMA’s SPM TM-G-1, C-RAF)
- Good communication skills, with the ability to interact with both technical and non-technical stakeholders at various levels and articulate complex risk issues with effective challenge and practical recommendation.
- Good command of both spoken and written Chinese and English
- Self-motivated and organized. Able to work independently and as a member of a team
- Experience in conducting risk assessments, threat modelling or audits will be an advantage
- Candidates with less experience will be considered for the rank of Manager
Job particulars
- Job source: eFinancialCareers
- Job reference: 19067044
- Date published: 02 Jun 2023
- Job keywords: Technology, Cyber security, Risk Management, Consulting and Advisory, Retail Banking, Other