The successful candidate should have 10-15 years of experience in Technology Risk Management, Information Security, Technology Governance, Internal Audit (Technology) or other related roles. The preferred candidate will have experience in Financial Services or other heavily regulated industries (e.g. Pharmaceuticals, Healthcare, etc.). Clear, concise and articulate communication of complex and conceptual topics is required for success.

In addition, the following qualifications are preferred:

Relevant industry certifications (e.g. CIA, CRISC, CISA, ITIL, CISSP, GRCP / CRCM)

Cloud CSP training such as AWS Foundation and/or MS Azure Fundamentals

Experience with Technology Implementation or Operation

Hands on experience with Control Design and Implementation

Understanding of the Audit Lifecycle

Knowledge of relevant Technology and Business Regulations; ideal candidate has direct experience of interface with Regulators (principally PRA, MAS and HKMA).

Knowledge of and/or hands-on experience of Technology Architecture

Comfortable with ambiguity and able to make decisions

Process Design and Analysis

Documentation and Textual Analysis

Data Analytics

Experience negotiating with and influencing technical and/or senior stakeholders

Knowledge of Cloud and DevOps

Excellent understanding of Operational Risk Management for a technology stream

Strong performer, with efficiency and delivery outcomes

Makes a strategic difference

Fluent English communication & writing skills

Assertive & good problem-solving skills with common sense

This role is responsible for identifying, assessing, managing and governing risk through the application of the Bank's Enterprise Risk Management Framework and specifically the underpinning Operational Risk Type Framework and with consideration given to industry standards and best practices.

• This role is key and responsible for continuing improvements in the Domain(s)'s approach to risk identification and mitigation, control management and audit engagement within the framework set out by the relevant authorities.
• This operations role ensures a constant state of preparation, readiness and continuous improvement across process, risk management and reduction, audit success, documentation, MIS systems and reporting.
• Maintain & Implement Risk and Control Process for 1st line of defence as per bank's ERMF.
  • Identify risk profile / R&R for all parties involved, Cloud Platform support Mgr, Platform engineer , Domain heads etc.
  • Document & Maintain (review periodically for applicability, improvement and efficiency) the Risk Management process on Domain Risk Meetings, MOM Templates, Audit Engagements, Risk Approvals, Risk Extensions, Risk Assessments and Risk reviews done by UORM.
• Maintain central data repository for Risk & Control.
  • This includes Risk Profile, Risk Analysis (Operational M7 & CRISP Security risks), Stakeholder engagement Matrix, CSAR Status, list of GIA Audits and status, Open and Overdue Audit status etc.
  • Ensure Awareness of Rules of Engagement w.r.t Risk Management to all domain stakeholders either directly or through UORMs and Leadership to ensure consistency across domains.
• Advise and assist the Cloud & DevOps Portfolio Head(s) in driving and directing effective compliance with the prescribed Enterprise risk management framework
• Implement effective and efficient controls to minimise / mitigate operational impact
• Ensure proper management of risk and timely resolution of issues
• Promote understanding, practice and culture of Enterprise Operational Risk within the Domain(s).

#LI-SS2

GRC Process