Governance & Oversight: Support the Divisional Control Officer in monitoring IT risks, enforcing control strategies, and ensuring new business initiatives or system revisions align with the bank's Technology Risk Appetite.
Risk & Control Assessments: Conduct end-to-end process reviews and control self-assessments to proactively identify compliance gaps, implement robust mitigation measures, and track remedial actions.
Collaboration & Quality Assurance: Partner with IT, business operations, and second-line defense units (AFD, GCD, ORD) to conduct periodic assurance reviews and execute control enhancements.
Incident Management & Monitoring: Monitor emerging risks (including cybersecurity), manage incident escalation, and identify root causes to implement long-term preventive measures.
Reporting & Meeting Leadership: Host IT risk governance meetings and deliver comprehensive risk, compliance, and internal control updates to senior management and the Operational Risk & Internal Control Committee.
Experience: 10+ years in banking IT, with at least 8 years dedicated specifically to IT control implementation.
Education: Bachelor's degree in Computer Science, Information Technology, or a related field.
Certifications (Preferred): CISSP, CISA, CISM, or CCSP.
Skills: Strong analytical thinking, independent problem-solving under pressure, bilingual communication (English and Chinese), and a deep understanding of banking regulations.
