CAIA's Career Center is an easy-to-use, comprehensive resource connecting job seekers with employers in the growing AI field. Use your knowledge and credibility to advance your career or build a talented team for your organization. Opportunities targeted to CAIA Charterholders are prioritized.
To search for jobs specifically for CAIA Charterholders or those pursuing the CAIA Charter, please enter “CAIA” in the search panel.
This will enable you to search for CAIA specific roles globally.
Provide IT Risk & Security consultancy to the IT Division on technology risk management framework, IT policy and procedure, regulatory requirements and industry best practice around IT risk, IT security and regulatory compliance;
Develop and maintain a fit and proper technology risk management and IT security framework for the company;
Perform risk & control assessments on IT processes to articulate and explain the risk to management as well as propose mitigating controls to reduce the risk;
Define IT security control requirements & policy;
Oversee threat & vulnerability management to ensure that high-risk threats & vulnerabilities are properly addressed by relevant parties;
Promoting IT security awareness across the company;
Assist in the investigation of IT security incidents;
Formulate IT risk and security requirements for 3rd party service providers and overseas offices from a governance perspective to assure that IT risk and security requirements are being managed;
Perform and manage the Operational Risk Event Reporting according to the requirements from Operational Risk Management;
Maintain the IT risk register to record all potential IT risks identified and manage all identified risks according to the technology risk management framework;
Develop and maintain Key Risk Indicators and security metrics for continuous monitoring of the company's IT risk and security posture;
Perform IT regulatory compliance assessment & reporting, work closely with Legal & Compliance Division on responding to circulars & notices that affect the IT Division;
Coordinate all internal/external IT audit & regulatory inspection; and
Assist the team head and provide support on other service areas across the function covering Technology Risk Management and Business Continuity Management.
Degree holder majoring in Computer Science or a related field
At least 8 years of experience in multiple areas including technology risk, information security, cyber security, regulatory compliance, risk & control and/or operational risk management from the banking and finance industry
Certification in information security, IT audit, and/or business continuity (e.g. CISA, CISM, CISSP or DRII/BCI)
Prior experience gained as an auditor is desirable
Extensive knowledge of IT risk and security principles and best practices, with practical experience in IT security and in conducting IT security risk assessments
Sound knowledge across different domains including information security, cyber security, risk & control, operational risk management
Experience in performing IT regulatory compliance assessment & reporting
Familiar with the regulatory environment of the banking and finance industry including the requirements from HKMA and SFC
Strong communication and interpersonal skills and the ability to work with stakeholders at all levels
Strong business knowledge on investment banking, securities brokerage and private banking business
Please apply in strict confidence with full resume, academic record, current and expected salaries.
(The personal data provided will be used for consideration of recruitment only. All personal data of unsuccessful candidates will be destroyed within six months.)