Mandate/Job summary
A Technology Risk Officer is responsible for applying Technology and Resiliency Risk knowledge and expertise to assist with Second Line of Defense activities.
Key Accountabilities:
- Identify different mechanisms and methods for predictively identifying technology and resiliency risk
- Use use cases to assess control sufficiency, determine technology and resiliency risk, identify control gaps, and determine how those gaps can lead to technology & resiliency risk
- Use internal & external data to provide insights, develop analytical strategies, and provide analytical support for a wide array of business initiatives
- Identify gaps in compliance with technology assets, network, digital, channel and infrastructure & BCP standards and policies, for both internal / external technology solutions as well as solutions provided by third-party service providers
- Improve our baseline on information protection, resiliency and controls of technology processes and services
- Provide clear and concise verbal and written recommendations and guidance to EITRM staff, both for their own consumption and for EITRM to pass on as guidance to technology and business
Qualifications:
Knowledge & Skills:
- Bachelor’s degree in Information Technology, Computer Science, Business Administration, or relevant educational and professional experience
- Strong understanding of information and technology risk and ability to effectively communicate information risk and threat topics to executives
- Proven experience in identification of emerging and existing
- Familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR etc.)
- Familiarity with IT audits and risk assessments
- Familiarity with security frameworks (ISO 27001, NIST, etc.) and general security concepts
- Familiarity with Regulatory controls (MAS, HKMA, OCC, PBoC, CBIRC)
- Strong organizational skills and the ability to multitask and switch priorities with short notice
- Strong business analysis, research and analytical skills
- Excellent communication skills
Employee Status:
Regular
Travel:
Yes, 10% of the time
Job Level:
Non-Customer Facing - People Manager