Assistant Vice President - IT Risk and Control - IT

Location:
HKEX - TKO

Shift:
Standard - 40 Hours (Hong Kong SAR)

Scheduled Weekly Hours:
40

Worker Type:
Permanent

Job Summary:
This role is for an experienced IT professional to join the IT Risk and Control (ITRC) focusing on risk and control activities for the Information Technology Division (ITD).

Key components of the role:
•\tImplement, maintain and update IT policies, standards, guidelines and procedures
•\tAssesses the execution of technology controls while considering the changing risk and regulatory landscape
•\tProvides guidance regarding control-gap remediation and compensating controls, oversees action plans and resolution of control issues/breaks with ITD functions to address security, risk and control gaps
•\tPromotes IT risk and control awareness, monitors and/or tracks and reports on compliance with established IT control policies, process, and procedures.

Job Duties:

Responsibilities

• Produce effective written communication on IT policies, standards, guidelines, procedures and job aids

• Gather information through research, SME interviews, source documents, review of existing documentation, and analyze IT processes to determine control and documentation requirements
• Manage regular reviews with ITD management, SMEs and other stakeholders to develop and maintain accuracy and completeness of documents
• Evaluate the functionality of existing and new technology platforms to drive adherence to HKEX policies and IT standards
• Participate in control-related activities, including test and evaluate evidences and identify control deficiencies / improvement opportunities, work with IT teams to define practical remediation
• Work with IT teams to gather control design requirements and facilitate discussions to bring closure on identified control issues
• Track, monitor and verify remediation and/or control implementation by ITD functions for appropriate closure of identified risks and issues
• Conduct training to promotes IT risk and control awareness, tracks and reports on compliance with established IT control policies, process and process

• Collaborate on internal and external technology audits, and 2nd Line deep dives and testing
• Exhibit a continuous learning mindset for education & awareness on IT risk and control concepts

Qualifications

• Bachelor's degree (or equivalent) in information technology or related disciplines
• 8 - 10 years of experience at a large multinational financial institution or relevant experience gained from consultancy firm
• Solid experience in drafting and maintaining policies and standards
• Solid understanding of internal control concepts with the ability to evaluate and determine the adequacy of controls by considering business and technology risks in an integrated manner
• Experience conducting infrastructure, application, or business process reviews is required
• Good knowledge of NIST Cybersecurity Framework, ITIL, CMMI, ITSM, COBIT, and PMBOK and professional qualification in CGEIT, CRISC, CISA and/or CISSP is a plus
• Knowledge of system development life cycle concepts with an ability to quickly learn a complex, distributed computing environment
• Knowledge of distributed technologies considered a plus, along with a good understanding of controls related to operating system and database platforms
• Ability to manage multiple tasks concurrently in an efficient and effective manner with minimal supervision
• Critical Thinking (anticipates problems and establishes methods to mitigate project/program risks), detail oriented and strong sense of accountability and ownership
• Strong analytical skills including solving and communicating complex problems, data analytics, measurement and reporting needed to continuous improvement
• Excellent verbal and written communications skills in English, including the ability to effectively participate in and lead discussions and meetings
• Team player who works well individually and in teams, shares information and collaborates with colleagues
• Enthusiastic, self-motivated, strong interest in learning, effective under pressure

Company Introduction:

Hong Kong Exchanges and Clearing Limited (HKEX) is one of the world's major exchange groups, and operates a range of equity, commodity, fixed income and currency markets. HKEX is the world's leading IPO market and as Hong Kong's only securities and derivatives exchange and sole operator of its clearing houses, it is uniquely placed to offer regional and international investors access to Asia's most vibrant markets.

As the global markets leader in the Asian time-zone, we offer a world of opportunities for early careers and experienced hires. Here, we know that diverse thinking fosters better solutions, and we are committed to building an open and dynamic environment which allows our business to innovate and our people to thrive.

Discover the latest career opportunities and programmes at HKEX.

HKEX is committed as an Equal Opportunity Employer. Diversity is one of our core values and we look to support, respect diverse perspectives, abilities, culture and experiences within our workplace.