• Deliver tailored and specific expertise enabling 1LOD to successfully deploy and operate mitigating key controls.

• Participate in Key Risk Governance Forum (IT RCMM, RMM, etc), including risk decision material preparation and presentation to C-Suite level.

• Provide technical guidance to support for control gap mitigation.

• Ensuring critical issues, events and incidents both in key controls and material change programmes are managed and understood by and escalated to appropriate governance forums for appropriate and timely resolution.

• Active management of risk is expected including promptly raising and closing Helios, and MSIIs, ensure the bank risk management protocols are aligned.

• Collaborate with cross-functional teams to ensure the effective integration of risk management practices into all technology processes

• Ensure the integrity and timely completeness of risk and control identification, assessment and information within the Group’s Risk and Control system of record (Helios) as well as directing documented remediation plans for residual risks.

• Effective reporting of project timeline, milestones and OKR outcomes to project sponsors and outcome owners across value streams

• Educating stakeholders to understand the impact of emerging risks that require changes to controls, resources, and business operations to ensure they remain within appetite

Candidate with less relevant experience or skills may be offered a lower Global Career Band than stated above

• 8-12+ years of experience in audit, security or risk management within the financial services industry.

• Excellent analytical skills with the ability to assess complex situations and make informed decisions,

• Familiar with various data tool e.g. Qlik Power BI and Excel etc, and capable with the root cause analytics.

• Ability to communicate effectively, building strong relationships and influence senior internal and external stakeholders with or without technology background.

• Sound knowledge on internal control environment.

• Strong level of risk management knowledge and relevant experience.

• Previous experience and/or knowledge in Resilience Risk types, especially on Technology (including Cyber) Risk, Data & Information Risk will be advantageous.

• Self-motivated, detail-minded, organize and able to work independently

• Excellent communication (verbal and written) and interpersonal skills

• Fluent in English (both written and verbal) is required, Cantonese speaker will be advantageous

• Relevant certifications such as CISA, CRISC, CISSP, or equivalent are preferred.