Develop and maintain corporate-wide information security policy, technology risk management process and ISMS in compliance with the ISO27001 standard
As a second line of defense, assist risk owners in identifying and measuring risks to build a corporate-wide security and technology risks profile
Assist senior management in overseeing security and technology risks by ensuring controls are properly designed, implemented and operated as intended, and ascertain the consistency of risk assignment
Review residual risk levels and control effectiveness to make recommendations for risk treatment
Interpret key security risk statistics for reporting to senior management on a regular basis
Coordinate the evaluation of emerging cyber threat scenarios for continuous improvement of cyber security response preparation in the Business Continuity Plan (BCP)
Promote security awareness and ensure compliance with applicable security standards
Participate in cyber threat intelligence analysis to gauge the prevailing cyber threat landscape, and make recommendations on improving the company's risk posture
Review and make recommendations on the use of Open Source Software (OSS) and freeware
Perform security administration including corporate level user identity and access management, privileged account management, digital certificates renewal, etc. when required
Execute security operation procedures in accordance with the corporate information security policy and guidelines when required
Keep abreast of technological knowledge in the managed area of responsibility, and provide recommendations for adaptation of new security technologies and standards with reference to prevailing industry best practices
Perform other job duties as assigned by the supervisors
University degree preferably in information technology, information security or related discipline
Minimum 4 years of experience in information security or technology risk management field
Holder of security certificates - CRISC, CISA, CISM, CISSP or other equivalent certificates is preferred
Practical experience and knowledge in risk management framework and methodology
Knowledge in security control frameworks such as C-RAF published by the HKMA or ISO27001 standard, etc.
Experience in working for major financial institutions
A good team player with sound interpersonal and communication skills
Good command of spoken and written English and Chinese
Candidates with less experience may be considered for appointment as Specialist II (Technology Risk Management)