Senior Manager / Manager, IT Risk Control & Governance (Control Assurance)
China CITIC Bank International Limited
Hong Kong, Hong Kong

Responsibilities:

  • Perform control assurance activities in a set of domains including Business Continuity Planning / Disaster Recovery, Project Management, Third-party Risk Management, Change Management, Incident Management, IT Operations and Release Management
  • Be proficient in performing control assurance activities relating to Information & Cybersecurity including Information Classification, Customer Data Protection, Identity & Access Management, Vulnerability Management, Network Security, Application Security, Endpoint Security and Cyber Incident & Response
  • Execute control assurance activities using a risk-based approach and support the control assurance testing team to ensure that observations and findings are factual and of good quality, and provide recommendations to address these findings
  • Document the control assurance assessment report, publish and socialize to senior management
  • Update the ORMS with control assurance observations and findings and perform tracking until the observation is closed out
  • Monitor the progress of periodic control assurance review within ITG
  • Assist AGM of Control Assurance & Governance team in managing the lifecycle of control assurance review including scoping, fieldwork, and control testing etc.
  • Perform risk assurance review on a periodic basis to support 1st LOD risk control & compliance objective
  • Perform gap analysis on risk control against policies and standards
  • Track ITG’s monthly and quarterly KRIs for management reporting
  • Document and minute management oversight committee’s decisions and perform status tracking
  • Assist in BCP coordination activities including drill planning and work arrangement etc.
  • Make recommendations to ITG management from the perspective of enhancing ITG's overall control environment

Requirements:

  • Bachelor's or Master's degree in Information Technology, Computer Science, or Engineering
  • 4-6 years+ experience working with senior stakeholders, business units, risk discipline and / or IT environment
  • Ability to influence peers and stakeholders to foster and uplift risk culture across ITG
  • Ability to execute control assurance review activities with some supervision
  • Good decision-making capabilities with a proven track record to weigh the relative consequences of potential actions to inform decisions
  • ISACA certification (e.g. CRISC, CISA, CISM) is highly regarded
  • Certification in ITIL, ISMS, COBIT is an advantage
  • Strong knowledge in Technology Risk Management and Cybersecurity
  • Good knowledge of regulatory compliance requirements relating to TM-E-1, TM-G-1, SA-2, PDPO and CRAF2.0 is a MUST
  • Good knowledge of the retail regulatory landscape such as the Code of Banking Practice would be preferred
  • Good knowledge in retail banking product / services and e-banking channels
  • Passionate about Technology Risk Management, Control Assurance and / or GRC
  • Possess strong interpersonal and communication skills and display initiative to lead discussions with operational staff at all levels, business units, management and peers
  • Excellent written and verbal communication skills (both English and Putonghua), proactive, interpersonal and collaborative skills and the ability to communicate cyber and technology risk concepts to technical and non-technical audiences at various hierarchical

    For more details about career opportunities with the Bank, please visit our website http:///careers/en/index.jsp. Please apply with full resume stating current and expected salaries.

    Personal data collected will be used for recruitment related purposes only. Applicants not invited for interview within 6 weeks may consider their applications unsuccessful.

    However, applicants may be considered for other suitable positions within the Group for a period of not more than 2 years.

    Personal data will be destroyed at any time after 3 months.

    China CITIC Bank International is committed to being an equal opportunities employer and intends to provide a work environment free of unlawful discrimination or harassment.

    All employment decisions will be made in a non-discriminatory manner.

