- Hong Kong Hong Kong
全职 Technology Risk Manager (Information Security Control Division) 工作, 薪水, Bank Of China (Hong Kong) Limited Hong Kong 公司招聘中 - Ricebowl
分享
保存
工作地点
职位描述
岗位职责
Join Bank of China (Hong Kong)
Be a dynamic member of our team
We commit to excellence and professionalism
We value people
We offer challenging and rewarding careers that will further your personal development.
For other vacancies, please visit our website at *************
Job No.: 499438
Employment Type: Full time
Departments: Information Technology Department
Job Functions: Information Technology
Roles and Responsibilities & Specific Requirements (Application Security):
Assist in reviewing IT initiatives and provide advisory from technology risk perspectives
Assist to establish and review policies, guidelines, procedures in application security area
Provide advisory and practical guidance to support technology risk and information security assessments, include vulnerability scanning, penetration test etc.
Conduct regular assessment on application security
Familiar with security testing tools e.g. Fortify, AppScan and Open Source Scanning tools, technologies on DevSecOps and industry good practice OWASP is preferable
Roles and Responsibilities & Specific Requirements (System Security):
Research and evaluate latest trend & technologies on information security and fintech area, such as FinTech, Artificial Intelligence, Big Data, Cloud Computing etc.
Conduct regular assessment on OS platform security & middleware software security
Plan and conduct security assessment in area of physical security (e.g.: data center security)
Assist to establish and review policies, guidelines, procedures in system security、physical security and fintech technology security area
Familiar with system platform operation and system architecture design is preferable
Roles and Responsibilities & Specific Requirements (Third-Party Security):
Drive security assessments of third-party vendor focusing on compliance with regulations, company policies, and internal controls.
Oversee information security risk management processes for onboarding and off-boarding of third-party vendor relationships.
Communicate to business units and cross-functional teams regarding third-party vendor risk issues and/or control gaps, and recommends remediation initiatives.
Provide awareness by conducting training on third-party vendor risk management framework.
Contribute to internal practice development initiatives and technology risk knowledge base
Stay informed about latest developments in third-party vendor risk management field.
Roles and Responsibilities & Specific Requirements (Information Security):
Assist senior manager to formulate and manage information security policies, standards and procedures.
Plan and conduct information security assessment and IT risk evaluation in area covering IT general controls, information asset management, access controls and endpoint security review, etc.
Plan and carry out various information security assurance activities, such as computer accounts re-certification.
Review the initiation of security configuration changes, such as access rules, data leakage prevention policies.
Co-operates with system administrators to deploy various information security controls or tools, and take lead to conduct appropriate remedial action on security incidents.
Act as a subject matter expert to assist business units and cross-functional teams in identifying and mitigating information security risks and/or control gaps, and recommends remediation initiatives.
General Job Requirements:
Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
Over 4 years of experience in IT security, technology risk, risk management, compliance or IT audit function, gained from other sizable financial institutions
Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CRISC is preferable.
Familiar with HKMA TMG-1, TM-E-1, PCI-DSS, ISO 2700-series or other security risk management framework is an advantage
Good command of written and spoken English with Mandarin is preferable and
Good communication and interpersonal skills;
Flexibility in traveling.
Candidate with less experience will be considered as Assistant Manager.
If you are applying for in-scope position(s) under the Mandatory Reference Checking Scheme (i.e., A role carrying out regulated activities licensed by the IA, SFC & MPFA), you are required to undergo the Mandatory Reference Checking. Our responsible recruiter will inform you the details of the MRC process and the requirements in due course. For details, please click here.
We offer competitive remuneration package and comprehensive fringe benefits including medical and life insurance, and different types of allowances to the right candidate. Interested parties, please submit your application online. For details, please visit our website *************
To apply: *************
Data collected would be used for recruitment purposes only. It might also be disclosed to our subsidiaries or Associated Companies to process the information for appointment. Applicants who do not hear from us within 8 weeks may consider their application unsuccessful and their data will be destroyed within 12 months of receipt.
Full-time,Permanent
Be a dynamic member of our team
We commit to excellence and professionalism
We value people
We offer challenging and rewarding careers that will further your personal development.
For other vacancies, please visit our website at *************
Job No.: 499438
Employment Type: Full time
Departments: Information Technology Department
Job Functions: Information Technology
Roles and Responsibilities & Specific Requirements (Application Security):
Assist in reviewing IT initiatives and provide advisory from technology risk perspectives
Assist to establish and review policies, guidelines, procedures in application security area
Provide advisory and practical guidance to support technology risk and information security assessments, include vulnerability scanning, penetration test etc.
Conduct regular assessment on application security
Familiar with security testing tools e.g. Fortify, AppScan and Open Source Scanning tools, technologies on DevSecOps and industry good practice OWASP is preferable
Roles and Responsibilities & Specific Requirements (System Security):
Research and evaluate latest trend & technologies on information security and fintech area, such as FinTech, Artificial Intelligence, Big Data, Cloud Computing etc.
Conduct regular assessment on OS platform security & middleware software security
Plan and conduct security assessment in area of physical security (e.g.: data center security)
Assist to establish and review policies, guidelines, procedures in system security、physical security and fintech technology security area
Familiar with system platform operation and system architecture design is preferable
Roles and Responsibilities & Specific Requirements (Third-Party Security):
Drive security assessments of third-party vendor focusing on compliance with regulations, company policies, and internal controls.
Oversee information security risk management processes for onboarding and off-boarding of third-party vendor relationships.
Communicate to business units and cross-functional teams regarding third-party vendor risk issues and/or control gaps, and recommends remediation initiatives.
Provide awareness by conducting training on third-party vendor risk management framework.
Contribute to internal practice development initiatives and technology risk knowledge base
Stay informed about latest developments in third-party vendor risk management field.
Roles and Responsibilities & Specific Requirements (Information Security):
Assist senior manager to formulate and manage information security policies, standards and procedures.
Plan and conduct information security assessment and IT risk evaluation in area covering IT general controls, information asset management, access controls and endpoint security review, etc.
Plan and carry out various information security assurance activities, such as computer accounts re-certification.
Review the initiation of security configuration changes, such as access rules, data leakage prevention policies.
Co-operates with system administrators to deploy various information security controls or tools, and take lead to conduct appropriate remedial action on security incidents.
Act as a subject matter expert to assist business units and cross-functional teams in identifying and mitigating information security risks and/or control gaps, and recommends remediation initiatives.
General Job Requirements:
Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
Over 4 years of experience in IT security, technology risk, risk management, compliance or IT audit function, gained from other sizable financial institutions
Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CRISC is preferable.
Familiar with HKMA TMG-1, TM-E-1, PCI-DSS, ISO 2700-series or other security risk management framework is an advantage
Good command of written and spoken English with Mandarin is preferable and
Good communication and interpersonal skills;
Flexibility in traveling.
Candidate with less experience will be considered as Assistant Manager.
If you are applying for in-scope position(s) under the Mandatory Reference Checking Scheme (i.e., A role carrying out regulated activities licensed by the IA, SFC & MPFA), you are required to undergo the Mandatory Reference Checking. Our responsible recruiter will inform you the details of the MRC process and the requirements in due course. For details, please click here.
We offer competitive remuneration package and comprehensive fringe benefits including medical and life insurance, and different types of allowances to the right candidate. Interested parties, please submit your application online. For details, please visit our website *************
To apply: *************
Data collected would be used for recruitment purposes only. It might also be disclosed to our subsidiaries or Associated Companies to process the information for appointment. Applicants who do not hear from us within 8 weeks may consider their application unsuccessful and their data will be destroyed within 12 months of receipt.
Full-time,Permanent
重要安全守则
申请工作时,切勿提供您的银行或信用卡详细资料。不要转账或完成无关的在线调查问卷。如果您发现可疑内容,请举报此招聘广告。
了解更多
