The incumbent is responsible for executing control assurance reviews, assisting the AGM in providing objective assessment on behalf of the 1.5 Line of Defense. Control assurance assessment is conducted using a sample-based approach to test 1st Line control design and operating effectiveness, as well as the soundness of the underlying framework, processes and methodologies. In addition, the team is responsible for IT Governance activities within the 1.5 Line of Defense remit, including tracking and monitoring of KRIs, risk reporting to the parent bank, and risk treatment evaluation and monitoring.
- Perform control assurance activities in a set of domains including Business Continuity Planning/Disaster Recovery, Project Management, Third-party Risk Management, Change Management, Incident Management, IT Operations and Release Management
- Be proficient in performing control assurance activities relating to Information & Cybersecurity, including Information Classification, Customer Data Protection, Identity & Access Management, Vulnerability Management, Network Security, Application Security, Endpoint Security and Cyber Incident & Response
- Execute control assurance activities using a risk-based approach, support the control assurance testing team in ensuring that observations and findings are factual and of high quality, and provide recommendations to address those findings
- Document the control assurance assessment report, then publish it and socialize it with senior management
- Update the ORMS with control assurance observations and findings and track each item until it is closed out
- Monitor the progress of periodic control assurance reviews within ITG
- Assist the AGM of the Control Assurance & Governance team in managing the lifecycle of control assurance reviews, including scoping, fieldwork and control testing
- Perform risk assurance reviews on a periodic basis to support 1st LOD risk, control and compliance objectives
- Perform gap analysis of risk controls against policies and standards
- Track ITG's monthly and quarterly KRIs for management reporting
- Document and minute the management oversight committee's decisions and track their status
- Assist in BCP coordination activities, including drill planning and work arrangements
- Make recommendations to ITG management on enhancing ITG's overall control environment
- Bachelor's or Master's degree in Information Technology, Computer Science or Engineering
- 4-6+ years' experience working with senior stakeholders, business units, risk disciplines and/or IT environments
- Ability to influence peers and stakeholders to foster and uplift risk culture across ITG
- Ability to execute control assurance review activities with some supervision
- Good decision-making capabilities with a proven track record to weigh the relative consequences of potential actions to inform decisions
- ISACA certification (e.g. CRISC, CISA, CISM) is highly regarded
- Certification in ITIL, ISMS, COBIT is an advantage
- Strong knowledge in Technology Risk Management and Cybersecurity
- Good knowledge of regulatory compliance requirements relating to TM-E-1, TM-G-1, SA-2, PDPO and CRAF2.0 is a MUST
- Good knowledge on the retail Regulatory landscape such as the Code of Banking Practice would be preferred
- Good knowledge in retail banking product/services and e-banking channels
- Passionate about Technology Risk Management, Control Assurance and/or GRC
- Possess strong interpersonal and communication skills and display the initiative to lead discussions with operational staff at all levels, business units, management and peers
- Excellent written and verbal communication skills (both English and Putonghua); proactive, interpersonal and collaborative skills; and the ability to communicate cyber and technology risk concepts to technical and non-technical audiences at various hierarchical
For more details about career opportunities with the Bank, please visit our website http://www.cncbinternational.com/careers/en/index.jsp. Please apply with full resume stating current and expected salaries.
Personal data collected will be used for recruitment related purposes only. Applicants not invited for interview within 6 weeks may consider their applications unsuccessful. However, applicants may be considered for other suitable positions within the Group for a period of not more than 2 years. Personal data will be destroyed at any time after 3 months.
China CITIC Bank International is committed to being an equal opportunities employer and intends to provide a work environment free of unlawful discrimination or harassment. All employment decisions will be made in a non-discriminatory manner.