Technology Risk Manager (Information Security Control Division)
- 香港
- 長期
- 全職
Employment Type: Full time
Departments: Information Technology Department
Job Functions: Information TechnologyRoles and Responsibilities & Specific Requirements (Application Security):
- Assist in reviewing IT initiatives and provide advisory from technology risk perspectives
- Assist to establish and review policies, guidelines, procedures in application security area
- Provide advisory and practical guidance to support technology risk and information security assessments, include vulnerability scanning, penetration test etc.
- Conduct regular assessment on application security
- Familiar with security testing tools e.g. Fortify, AppScan and Open Source Scanning tools, technologies on DevSecOps and industry good practice OWASP is preferable
- Research and evaluate latest trend & technologies on information security and fintech area, such as FinTech, Artificial Intelligence, Big Data, Cloud Computing etc.
- Conduct regular assessment on OS platform security & middleware software security
- Plan and conduct security assessment in area of physical security (e.g.: data center security)
- Assist to establish and review policies, guidelines, procedures in system security、physical security and fintech technology security area
- Familiar with system platform operation and system architecture design is preferable
- Drive security assessments of third-party vendor focusing on compliance with regulations, company policies, and internal controls.
- Oversee information security risk management processes for onboarding and off-boarding of third-party vendor relationships.
- Communicate to business units and cross-functional teams regarding third-party vendor risk issues and/or control gaps, and recommends remediation initiatives.
- Provide awareness by conducting training on third-party vendor risk management framework.
- Contribute to internal practice development initiatives and technology risk knowledge base
- Stay informed about latest developments in third-party vendor risk management field.
- Assist senior manager to formulate and manage information security policies, standards and procedures.
- Plan and conduct information security assessment and IT risk evaluation in area covering IT general controls, information asset management, access controls and endpoint security review, etc.
- Plan and carry out various information security assurance activities, such as computer accounts re-certification.
- Review the initiation of security configuration changes, such as access rules, data leakage prevention policies.
- Co-operates with system administrators to deploy various information security controls or tools, and take lead to conduct appropriate remedial action on security incidents.
- Act as a subject matter expert to assist business units and cross-functional teams in identifying and mitigating information security risks and/or control gaps, and recommends remediation initiatives.
- Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
- Over 4 years of experience in IT security, technology risk, risk management, compliance or IT audit function, gained from other sizable financial institutions
- Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CRISC is preferable.
- Familiar with HKMA TMG-1, TM-E-1, PCI-DSS, ISO 2700-series or other security risk management framework is an advantage
- Good command of written and spoken English with Mandarin is preferable and
- Good communication and interpersonal skills;
- Flexibility in traveling.
- Candidate with less experience will be considered as Assistant Manager.
CTgoodjobs