Duties: Proactively identify, assess, and manage inherent risks within technology and services. Create and maintain cyber technology policies, standards, and procedures to keep them evergreen and to ensure alignment with industry-leading practices and regulatory requirements. Strengthen the control environment through education, collaboration, and oversight. Drive effective risk-mitigating controls designed, deployed, and monitored by the application owners, developers, and support teams. Develop an integrated technology control framework maintaining the appropriate balance between risk mitigation, product growth, and financial returns. Drive transparent, measurable, and sustainable control improvements. Partner closely with business and technology stakeholders to provide clear direction and guidance to manage risks, driving control optimization, process efficiency, and improved client experience. Work with technology and product managers to identify potential issues and ensure effective remediation throughout the full issue management lifecycle. Provide active engagement in risk assessments and control substantiation. Engage and partner with teams to promote cross-functional relationships and foster collaborative approaches. Collaborate with teams on Internal Audits, SSAE16, SOX, Operational Risk, and Regulatory assessments. Design and execute Risk & Control Self-Assessment (RCSA), mapping controls to business processes and ensuring issues and related action plans are documented, assigned, and resolved in a timely manner. Partner closely with internal teams in reviewing and preparing responses to RFI enquiries on a timely basis. Ensure timely escalation of material issues to senior management.
Minimum education and experience required: This position requires a Bachelor's degree in Business Administration, Cyber Security, Technology Risks and Controls, or a related field of study plus seven (7) years of experience in the job offered or seven (7) years of experience as an Information Control Officer, Technology Security Specialist, or related occupation. The employer will alternatively accept a Master's degree plus five (5) years of experience in lieu of a Bachelor's degree and seven (7) years of experience.
Skills Required: This position requires five (5) years of experience with: application and mobile security; data protection and privacy; technology security, risk, and audit within the Financial Services industry or other industries (i.e. utilities); secure software development life cycle (SSDLC); Agile or Waterfall methodologies; implementing and assessing security frameworks including ISO 270XX, NIST CSF, NIST 800-XX, SOC 2, COBIT, CSA, and industry best practices; global regulatory agencies such as MAS, FINRA, HKMA, FRB, BSM, CBRC, RBI, ECB, OCC, OSC, or ANEEL; managing regulatory inquiries; and cybersecurity (cloud, application, or mobile) process analysis and process standardizations. This position requires two (2) years of experience with: cloud security and technologies such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform; and Kubernetes and Docker container platforms.