Compliance & IT Risk Manager - Information Technology - Assistant Vice President

Job Responsibilities:

• Plan and conduct comprehensive independent reviews based on defined methodology, IT standards and/or industry good practice
• Assess adequacy and effectiveness of ITD's internal controls, and properly document the assessment/review procedures performed.
• Prepare review reports, articulate and present any issues, root causes and recommended actions to management
• Design and implement continuous monitoring controls using automated or data analytics tools
• Coordinate with other IT teams to address control weaknesses, including design and implement new controls to address known issues
• Proactively track, follow-up and report implementation status of issue remediation and risk mitigation
• Review and revise/update IT standards and procedures
• Conduct training to improve awareness of control requirements stated in IT standards, and/or any industry good practices
• Work closely with Risk, Compliance and Internal Audit for risk mitigation and control improvements

Job Requirements:

• University graduate in information technology, information security or related disciplines
• Minimum 8 years of relevant experience in technology risk, cybersecurity, technology audit and/or IT compliance gained from financial institutions
• Holder of relevant professional certificates, such as, CISA, CISSP, CRISC, CGEIT is preferred
• Good knowledge of NIST Cybersecurity Framework, ITIL, CMMI, ITSM, COBIT, PMBOK, SDLC, and key IT processes
• Practical experience in IT control assessment/auditing, technology risk management, and business & system processes review
• Experience in designing and implementing new controls to mitigate identified risks
• Working knowledge of controls verification using data analytics
• Experience in reviewing and revising IT standards and procedures
• Ability to manage multi-assignments in a dynamic working environment
• Strong problem solving, analytical and presentation skills
• Excellent communications skills and advanced reporting writing skill in English and Chinese
• Work experience in Big 4 audit firm is an advantage

Applicants who do not hear from us within 6 weeks may consider their applications unsuccessful. Personal data provided will only be used for the purpose of employment application to HKEX.