Contribute to technology risk governance by reviewing IT initiatives and providing expert advisory from a technology risk and information security perspective.
Drive application security excellence through the development, review, and enhancement of policies, guidelines, and procedures, while delivering practical guidance to support risk and security assessments (including vulnerability scanning, penetration testing, and related activities).
Perform ongoing application security assurance by conducting regular assessments, leveraging security testing tools such as Fortify, AppScan, and open-source scanners, and applying DevSecOps principles along with industry best practices (e.g., OWASP).
Skills Required
Bachelor's degree in Computer Science, Information Systems, or a closely related discipline.
4+ years in IT security, technology risk management, compliance, or IT audit roles, preferably gained within sizable financial institutions; at least one HKMA-recognized qualification (e.g., CISA, CISSP, CRISC) is a strong advantage.
Regulatory and technical familiarity with key frameworks such as HKMA TM-G-1 and TM-E-1, PCI DSS, and the ISO 27000-series standards, together with excellent written and spoken English (Mandarin proficiency preferred) and strong communication and interpersonal skills.