Responsibilities:
Perform control assurance activities in a set of domains including Business Continuity Planning / Disaster Recovery, Project Management, Third-party Risk Management, Change Management, Incident Management, IT Operations and Release Management
Be proficient in performing control assurance activities relating to Information & Cybersecurity including Information Classification, Customer Data Protection, Identity & Access Management, Vulnerability Management, Network Security, Application Security, Endpoint Security and Cyber Incident & Response
Execute control assurance activities using a risk-based approach and support the control assurance testing team to ensure the observations and findings are factual and of good quality, and provide recommendations to address these findings
Document the control assurance assessment report, publish and socialize to senior management
Update the ORMS with control assurance observations and findings and perform tracking until the observation is closed out
Monitor the progress of periodic control assurance reviews within ITG
Assist AGM of Control Assurance & Governance team in managing the lifecycle of control assurance review including scoping, fieldwork, and control testing etc.
Perform risk assurance reviews on a periodic basis to support 1st LOD risk control & compliance objectives
Perform gap analysis on risk control against policies and standards
Track ITG’s monthly and quarterly KRIs for management reporting
Document and minute management oversight committee’s decisions and perform status tracking
Assist in BCP coordination activities including drill planning and work arrangement etc.
Make recommendations to ITG management with a view to enhancing ITG’s overall control environment
Requirements:
Bachelor's or Master's degree in Information Technology, Computer Science, or Engineering
4-6 years+ experience working with senior stakeholders, business units, risk discipline and / or IT environment
Ability to influence peers and stakeholders to foster and uplift risk culture across ITG
Ability to execute control assurance review activities with some supervision
Good decision-making capabilities with a proven track record to weigh the relative consequences of potential actions to inform decisions
ISACA certification (e.g. CRISC, CISA, CISM) is highly regarded
Certification in ITIL, ISMS, COBIT is an advantage
Strong knowledge in Technology Risk Management and Cybersecurity
Good knowledge of regulatory compliance requirements relating to TM-E-1, TM-G-1, SA-2, PDPO and CRAF2.0 is a MUST
Good knowledge of the retail regulatory landscape, such as the Code of Banking Practice, would be preferred
Good knowledge of retail banking products / services and e-banking channels
Passionate about Technology Risk Management, Control Assurance and / or GRC
Possess strong interpersonal and communication skills and display initiative to lead discussions with operational staff at all levels, business units, management and peers
Excellent written and verbal communication skills (both English and Putonghua), proactive, interpersonal and collaborative skills and the ability to communicate cyber and technology risk concepts to technical and non-technical audiences at various hierarchical
For more details about career opportunities with the Bank, please visit our website http://www.cncbinternational.com/careers/en/index.jsp. Please apply with full resume stating current and expected salaries.
Personal data collected will be used for recruitment related purposes only. Applicants not invited for interview within 6 weeks may consider their applications unsuccessful.
However, applicants may be considered for other suitable positions within the Group for a period of not more than 2 years.
Personal data will be destroyed at any time after 3 months.
China CITIC Bank International is committed to being an equal opportunities employer and intends to provide a work environment free of unlawful discrimination or harassment.
All employment decisions will be made in a non-discriminatory manner.