Roles and Responsibilities:

• Drive security assessments of third-party vendor focusing on compliance with regulations, company policies, and internal controls.
• Oversee information security risk management processes for onboarding and off-boarding of third-party vendor relationships.
• Communicate to business units and cross-functional teams regarding third-party vendor risk issues and/or control gaps, and recommends remediation initiatives.
• Provide awareness by conducting training on third-party vendor risk management framework. 
• Contribute to internal practice development initiatives and technology risk knowledge base
• Stay informed about latest developments in third-party vendor risk management field.

Job Requirements: 

• Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
• Over 4 years of experience in IT security, technology risk, risk management, system development management, compliance or IT audit function, gained from other sizable financial institutions.
• Demonstrated experience working with the regulators and external auditor.
• Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CRISC is preferable.
• Good command of written and spoken English and Mandarin is preferable.
• Good communication and interpersonal skills.
• Flexibility in traveling.