Technology Risk Manager

Your day-to-day activities will involve collaborating with various departments to review IT initiatives from a technology risk perspective; establishing robust policies for both application and system security; conducting thorough assessments using advanced tools; researching new trends in fintech; managing third-party vendor risks; delivering training; supporting policy formulation; evaluating IT risks; deploying controls; and responding swiftly to incidents.

TECHNOLOGY RISK MANAGER

Salary: Competitive and based on experience
Location: Hong Kong

Keywords: technology risk, information security, application security, system security, third-party security, compliance, risk management, IT audit, security assessment

An exceptional opportunity has arisen for a Technology Risk Manager to join a highly respected financial institution in Hong Kong, within their Information Security Control Division. This role offers you the chance to play a pivotal part in shaping and safeguarding the organisation’s technology landscape, working at the forefront of application, system, and third-party security. You will be empowered to influence policy, drive best practices, and collaborate with knowledgeable teams across the business. The organisation is committed to fostering an inclusive environment that values your expertise and supports your professional growth through ongoing training opportunities and exposure to cutting-edge technologies such as FinTech, Artificial Intelligence, Big Data, and Cloud Computing. If you are passionate about information security and eager to make a meaningful impact in a supportive setting that encourages knowledge sharing and collaboration, this is the perfect next step for your career.

* Play a key role in developing and implementing robust technology risk frameworks across application, system, and third-party security domains, ensuring the highest standards of protection for critical assets.
* Collaborate closely with cross-functional teams to provide expert guidance on information security assessments, policy development, and compliance with industry regulations.
* Benefit from flexible working opportunities and continuous learning in an environment that values teamwork, knowledge sharing, and your professional development.

What you'll do:

As a Technology Risk Manager within the Information Security Control Division based in Hong Kong, you will be entrusted with significant responsibility for protecting the organisation’s digital assets. Your day-to-day activities will involve collaborating with various departments to review IT initiatives from a technology risk perspective; establishing robust policies for both application and system security; conducting thorough assessments using advanced tools; researching new trends in fintech; managing third-party vendor risks; delivering training; supporting policy formulation; evaluating IT risks; deploying controls; and responding swiftly to incidents. Success in this role will require you to apply your deep technical knowledge alongside strong interpersonal skills as you work together with colleagues across multiple functions. Your ability to communicate complex concepts clearly will help foster a culture of shared responsibility for information security throughout the business.

* Assist in reviewing IT initiatives by providing advisory services from a technology risk perspective to ensure all projects align with organisational risk appetite.
* Establish and review policies, guidelines, and procedures related to application security while offering practical guidance on vulnerability scanning and penetration testing.
* Conduct regular assessments on application security using industry-leading tools such as Fortify, AppScan, and open-source scanning solutions to identify potential risks.
* Research and evaluate emerging trends and technologies in information security and fintech areas including Artificial Intelligence, Big Data, Cloud Computing, and more.
* Plan and conduct comprehensive security assessments covering operating system platforms, middleware software, physical data centre environments, and fintech technologies.
* Drive third-party vendor security assessments focusing on compliance with regulatory requirements, internal controls, and company policies throughout onboarding and off-boarding processes.
* Communicate effectively with business units regarding third-party vendor risk issues or control gaps while recommending appropriate remediation initiatives.
* Deliver awareness training sessions on third-party vendor risk management frameworks to enhance understanding across the organisation.
* Assist senior managers in formulating information security policies, standards, and procedures while planning IT risk evaluations covering general controls, asset management, access controls, and endpoint reviews.
* Co-operate with system administrators to deploy information security controls or tools while leading remedial actions during security incidents.

What you bring:

To excel as a Technology Risk Manager within this esteemed financial institution’s Information Security Control Division, you will bring proven experience from similar roles where you have demonstrated your ability to assess risks holistically across applications, systems, vendors and physical environments. Your background should include hands-on involvement with regulatory compliance frameworks relevant to Hong Kong’s financial sector. You will possess excellent communication skills—both written and verbal—to engage effectively with stakeholders at all levels. Your technical acumen will be complemented by an empathetic approach that fosters trust among colleagues. A passion for continuous learning is vital given the rapidly evolving nature of cybersecurity threats. Your collaborative spirit will enable you to share knowledge generously while supporting others’ growth. Above all else, your dependability ensures that critical tasks are completed thoroughly so that the organisation remains resilient against emerging risks.

* A degree in Computer Science or a related discipline such as Information Systems provides you with a solid foundation for this role.
* Over four years of experience gained within IT security, technology risk management, compliance or IT audit functions at sizable financial institutions ensures you bring valuable insights.
* Holding at least one recognised professional qualification under HKMA enhanced competency framework (such as CISA, CISSP or CRISC) demonstrates your commitment to excellence.
* Familiarity with regulatory frameworks like HKMA TMG-1/TM-E-1, PCI-DSS or ISO 2700-series enhances your ability to navigate complex compliance landscapes.
* Proficiency in written and spoken English is essential for effective communication across diverse teams; Mandarin language skills are considered advantageous.
* Experience using industry-standard security testing tools (e.g., Fortify, AppScan) as well as open-source scanning solutions enables you to perform thorough assessments efficiently.
* Knowledge of DevSecOps methodologies along with best practices such as OWASP equips you to address modern application threats proactively.
* Understanding of system platform operations and architecture design allows you to contribute meaningfully to system-level security discussions.
* Demonstrated ability to deliver engaging training sessions on third-party vendor risk management helps raise awareness throughout the organisation.
* Flexibility in travelling ensures you can support business needs across different locations when required.

What sets this company apart:

This organisation stands out as one of Hong Kong’s most established financial institutions renowned for its unwavering commitment to technological advancement balanced by rigorous risk management practices. Employees benefit from being part of a large-scale operation where teamwork is celebrated—your contributions are valued not just individually but as part of a wider network dedicated to mutual success. The company invests heavily in staff development through structured training programmes designed to keep pace with industry changes. Flexible working arrangements are available where possible so that employees can maintain a healthy work-life balance. The workplace culture is inclusive: people from all backgrounds are welcomed warmly into supportive teams who share knowledge openly. With access to state-of-the-art resources—including exposure to innovative fintech solutions—you’ll find ample opportunities here for personal growth while making a tangible difference in safeguarding critical infrastructure.

What's next:

If you are ready to take your career in technology risk management further within an inclusive environment that values your expertise—this is your moment!

Apply today by clicking on the link provided—your next rewarding challenge awaits.