Job Responsibilities :
Lead and provide specialist risk advice and independent challenge across a number of emerging technology domains, such as cloud computing, DLT, smart contract, API, etc.
Identify and monitor emerging technology-related risks, escalate to senior management and relevant stakeholders in a timely manner, and provide advice on addressing the risks.
Formulate and deliver an effective independent risk assurance programme to evaluate the effectiveness of risk identification, risk assessment and risk management measures carried out by business / technology functions in relation to emerging technology-related risks, covering both business-as-usual critical operations and strategic projects.
Enhance ongoing readiness of relevant stakeholders in handling technology incidents and exercise oversight of technology incident management.
Foster and maintain effective relationships and collaboration with regulators, law enforcement, exchange peers and industry partners.
Job Requirements :
A self-motivated, reliable, consensus building, persuasive individual with highly effective communication skills for delivering technology risk messages in English to a broad range of technical and non-technical audiences, including business users and up to the board and executive committee levels.
Proficiency in Chinese and Putonghua would be an advantage.
University degree in information security, computer science, or related fields of study.
At least 10 years of relevant experience in technology risk management, preferably in financial services sector or professional services for clients in financial services industry.
Demonstrate good knowledge in general cyber and technology related controls from both a tactical and strategic viewpoint.
A broad and in-depth understanding of industry best practices in managing technology risks (including security threats, vulnerabilities and system resilience risks) associated with cloud computing, DLT, smart contracts and API.
Solid experience in risk assessments, audits, project review, and / or technical risk management / implementation of cloud computing, DLT, smart contracts, and API technologies.
CISA or other technology certification / accreditation required. Relevant professional qualifications in emerging technologies including cloud computing, DLT, smart contracts and API would be an advantage.
General knowledge of exchange business and regulatory practices is highly regarded.
Candidate with less experience will be considered AVP.