My client, a Dutch multinational bank who has immense presence across the globe, is looking for a Regional Technology Risk professional to join their stable team in Hong Kong.
This is purely a 2nd line defence position, responsible for designing, implementation, monitoring and application of an effective risk framework for technology related risks. The bank offers a stable working environment, resulting in a low employee turnover rate.
Please see job description:
Key responsibilities of this role will include, but are not limited to the following:
Risk Governance
- Design, maintain and implement the regional and local IT risk management framework for the Asia region, including control tools & measures.
- Develop, maintain and implement a compliance framework to all applicable Asia regulatory requirements.
- Ensure essential IT risk policies and regulations are maintained/updated and are communicated and disseminated to the staff of Rabobank Asia Branches on a timely basis.
- Perform oversight on the update of Global, Regional Asia and Local IT policies and procedures.
- Review the Asia Technology Risk Committee Charter and provide advisory to locations in the Asia Region.
Risk Identification
- Develop and maintain a system to promote the identification of IT related risks, including incident reporting.
- Develop and maintain an updated understanding of the IT regulatory requirements and obligations in the Asia region and monitor the level of compliance to these requirements.
Risk Assessment
- Review risk acceptances and risk treatment plans submitted by business and IT to form an independent opinion on the risks posed to the different parties.
- Review and challenge the figures and information reported in the IT risk dashboard submitted by IT for completeness and accuracy.
Key Requirements:
- A relevant tertiary qualification
- 3+ years of experience in Technology Risk Management
- 8+ years in IT / IT Security / IT Audit
- Relevant professional certification is preferred (e.g. CSX, CISA, CISM, CRISC, CGEIT, CISSP, CCSP)
Technical and Specialist Skills:
- Strong knowledge of IT infrastructure components including software (Operating System, Application and Database), hardware (Server, Firewall, Switch and Router) and IT Security components
- Knowledge of Technology Risk Management practices, fundamentals and frameworks in Asia Region
- Knowledge of information security concepts, practices and tools
- Understanding Systems development practices, lifecycle management and Systems Testing
- Understanding of IT Governance within an organisation including its components, benefits and practices
- Experience in handling Asia regulatory (e.g. MAS, HKMA, RBI, CBIRC) requirements and compliance based initiatives including reporting
- Knowledge of IT Outsourcing (risks, controls, monitoring), Cloud Computing and related regulatory issues
- Experience in assessing residual technology risks related to Business Continuity Planning (BIA, RTO, DRP etc)
If you are interested in applying for this role, or having a conversation about other positions then please apply below or contact me for more information.