Responsibilities

• Develop and maintain technology risk management and cyber resilience policy and process in compliance with the HKMA requirements.
• As a second line of defense, assist risk owners in identifying and measuring risks to build a  cyber and technology risks profile.
• Overseeing cyber and technology risks by ensuring controls are properly designed, implemented and operated as intended, and ascertain the consistency of risk assignment.
• Review residual risk level and control effectiveness to make recommendation for risk treatment.
• Coordinate to evaluate emerging cyber threat scenario for continuous improvement on cyber security response preparation for Business Continuity Management (BCM).
• Participate in cyber threat intelligence analysis to gauge the prevailing cyber threat landscape, and make recommendation on improving the company risk posture.

Requirements

• 6+ years of experience in information security or technology risk management field.
• Holder of CRISC, CISA, CISM, CISSP or other equivalent certificates is preferred.
• Practical experience and knowledge in risk management framework and methodology.
• Knowledge in control frameworks such as C-RAF, TM-E-1, TM-G-1 published by the HKMA, etc.