Senior Technology Risk Manager

Senior Technology Risk Manager at Bank of China (Hong Kong)

Bank of China (Hong Kong) is seeking a Senior Technology Risk Manager to join our team. In this pivotal role, you will be instrumental in enhancing the Group's technology risk management framework, ensuring compliance with Head Office and regulatory requirements, and supporting the integration of cutting-edge AI solutions within our risk management initiatives.

Responsibilities

• Assist in establishing and reviewing the technology risk management policy, mechanism, and tools for the Group, aligning with Head Office and regulatory requirements.
• Monitor and guide the first line of defense in applying technology risk management tools for identifying, assessing, monitoring, and controlling technology risk, providing necessary mitigation measures.
• Prepare regular management reports detailing the Group's technology risk status.
• Assess the adequacy and effectiveness of controls from technology risk perspectives during the due diligence of new products, services, and AI applications, offering advisory and recommendations for IT initiatives' new technology solutions.
• Coordinate technology risk-related regulatory examinations and communications, conduct reviews to identify potential risks, recommend actions for control weaknesses, and monitor the implementation of remedial actions.
• Assist in the implementation of AI solutions for risk management initiatives.

Requirements

• Bachelor's Degree or higher in Information Technology or a related discipline.
• For Senior Technology Risk Manager: 6+ years of banking experience, with at least 3 years in IT security, technology risk, or IT audit within the banking industry.
• For Technology Risk Manager: 4+ years of banking experience, with at least 2 years in IT security, technology risk, or IT audit within the banking industry.
• Holders of Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified Information Systems Manager (CISM) are preferred.
• Sound knowledge of HKMA requirements and industry standards in technology risk management.
• Understanding of AI technology, development frameworks, and tools. Experience in implementing AI solutions is a plus. Holder of ISACA Advance in AI Audit (AAIA) certificate is an advantage.
• Ability to work independently and under pressure, and be a good team player.
• Attention to detail, strong analytical and interpersonal skills.
• Excellent communication skills in Cantonese, Mandarin, and English. Proficiency in preparing presentation materials and reports in Chinese is an advantage.

Key skills/competency

• Technology Risk Management
• IT Security
• Risk Assessment
• Regulatory Compliance (HKMA)
• AI Solutions
• IT Audit
• Incident Handling
• Control Effectiveness
• Management Reporting
• Analytical Skills