IT Policy and Compliance Manager

Main Responsibilities

• Responsible for acting as the project manager in coordinating and supporting internal and external audit engagements (e.g. external engagements includes but not limited to regulatory compliance projects such as independent assessments, PCI-DSS, SWIFT CSCF, HKMA C-RAF and internal engagements includes but not limited to Headquarters' assessments, internal audit) including but not limited to disseminating the audit evidence requests to relevant units within Fintech Division, coordinating and facilitating the communication with the assessors, reviewing the appropriateness of the evidence provided and keeping track of the evidence provision status, etc;

  • Responsible for acting as a single contact point for the Fintech Division with other internal and external units such as external auditors, Internal Audit, Risk Management, Legal and Compliance, for IT compliance matters;
  • Responsible for the issue remediation management, including but not limited to the establishment and maintenance of the control issues tracker, keeping track of the remediation actions to ensure timely completion;
  • Responsible for the establishment and management of IT Compliance Monitoring Program, and exercise the compliance checking accordingly;
  • Responsible for the establishment and management of the IT Policy framework and structure, overseeing other units of Fintech Division to ensure adherence with the requirements stipulated in the framework in establishing and managing the required IT policies;
  • Responsible for acting as the librarian for IT and cybersecurity governance documents, such as policies, procedures, standards, guidelines, baselines, operating instructions, etc;

  Requirements

• Degree holder in Cyber Security / Computer Science / Information Technology or related discipline

  • Minimum 5 years of relevant experience in Cyber Security Management / Cyber Security Operations / Technology Risk Management or IT Audit, preferably with experience gained from consultancy / banking / finance industry; appropriate candidate with abundant experience may be considered as the team leader;
  • Experience in consultancy preferably Big 4 or IT Auditing is an advantage;
  • Adequate understanding of the best practices of cybersecurity management and controls;
  • Strong understanding the IT Policy Management Framework, audit / assessment engagements end-to-end process;
  • Strong understanding of the IT and cybersecurity applicable legal and regulatory compliance requirements, HKMA SPMs and Circulars;
  • Strong Understanding of IT and cybersecurity compliance requirements of PCPD, SFC, IA is an advantage;
  • Holder of HKMA ECF-C recognized certifications at professional level is required, such as CISA, CISM, CRISC, etc;
  • Holder of Project Management professional certifications such as PMP is an advantage;
  • Customer-oriented, good communication and interpersonal skills;
  • Able to work independently and under pressure with tight deadline;
  • Strong problem-solving, analytical skills and presentation skills;
  • Good command of written and spoken English and Mandarin;
  • Proficiency in preparing reporting deck and reports in Chinese is definitely an advantage;
    Applicants who are not contacted within 8 weeks may consider their applications unsuccessful and their personal data will be retained by the bank for a period up to two years.

All information provided by applicants will be used for recruitment purposes only and will be used strictly in accordance with the bank's personal data policies, a copy of which will be provided upon request.