Back to Job Search

Job Description

My client, a Dutch multinational bank who has immense presence across the globe, is looking for a Regional Technology Risk professional to join their stable team in Hong Kong.

This is purely a 2nd line defence position, responsible for designing, implementation, monitoring and application of an effective risk framework for technology related risks. The bank offers a stable working environment, resulting in a low employee turnover rate. 

Please see job description:

Key responsibilities of this role will include, but are not limited to the following: 

Risk Governance

  • Design, maintain and implement the regional and local IT risk      management framework for the Asia region, including control tools & measures. 
  • Develop, maintain and implement a compliance framework to all applicable Asia regulatory requirements.
  • Ensure essential IT risk policies and regulations are maintained/updated and are communicated and disseminated to the staff of Rabobank Asia Branches on a timely basis.
  • Perform oversight on the update of Global, Regional Asia and Local IT policies and procedures.
  • Review the Asia Technology Risk Committee Charter and provide advisory to locations in the Asia Region.

Risk Identification

  • Develop and maintain a system to promote the identification of IT related risks, including incident reporting. 
  • Develop and maintain an updated understanding of the IT regulatory requirements and obligations in the Asia region and monitor the level of compliance to these requirements.

Risk Assessment

  • Review risk acceptances and risk treatment plans submitted by business and IT to form an independent opinion on the risks posed to the different parties.
  • Review and challenge the figures and information reported in the IT risk dashboard submitted by IT for completeness and accuracy.

Key Requirements:

  • A relevant tertiary qualification
  • 3+ years of experience in Technology Risk Management
  • 8+ years in IT / IT Security / IT Audit
  • Relevant professional certification is preferred (e.g. CSX, CISA, CISM, CRISC, CGEIT, CISSP, CCSP)

Technical and Specialist Skills:

  • Strong knowledge of IT infrastructure components including software (Operating System, Application and Database), hardware (Server, Firewall, Switch and Router) and IT Security components
  • Knowledge of Technology Risk Management practices, fundamentals and frameworks in Asia Region
  • Knowledge of information security concepts, practices and tools
  • Understanding Systems development practices, lifecycle management and Systems Testing
  • Understanding of IT Governance within an organisation including its components, benefits and practices
  • Experience in handling Asia regulatory (e.g. MAS, HKMA, RBI, CBIRC) requirements and compliance based initiatives including reporting
  • Knowledge of IT Outsourcing (risks, controls, monitoring), Cloud Computing and related regulatory issues
  • Experience in assessing residual technology risks related to Business Continuity Planning (BIA, RTO, DRP etc)

If you are interested in applying for this role, or having a conversation about other positions then please apply below or contact me for more information.