Senior Technology Risk Manager (Cyber Security)

Your day-to-day activities will involve close collaboration with various departments to develop forward-thinking policies that address current and future risks. You will lead efforts in conducting rigorous assessments across diverse technology environments—ranging from on-premises infrastructure to cloud platforms—and play a central role in orchestrating incident response operations.

SENIOR TECHNOLOGY RISK MANAGER – CYBER SECURITY CONTROL DIVISION

Salary: Competitive and based on experience
Location: Hong Kong

Keywords: cyber security, technology risk management, incident response, compliance standards, penetration testing, cloud security, vulnerability assessment, cross-functional collaboration, regulatory frameworks, AI and machine learning

A leading financial institution in Hong Kong is seeking a Senior Technology Risk Manager to join their Cyber Security Control Division. This is an exceptional opportunity for you to play a pivotal role in shaping the cyber security landscape of a major organisation, where your expertise will directly influence the safety and resilience of critical information assets. You will be empowered to drive the development and implementation of robust cyber security policies, collaborate with talented professionals across multiple regions, and stay at the forefront of emerging threats and technologies. The organisation offers a supportive environment that values continuous learning, professional growth, and cross-border exposure, making this an ideal position for those passionate about advancing their career in technology risk management within the financial sector.

* Take ownership of cyber security policy formulation and risk management strategies, ensuring alignment with global best practices and regulatory requirements while working alongside experienced teams.
* Engage in high-impact projects including penetration testing, vulnerability assessments, incident response operations, and regional cyber security exercises that span across Asia Pacific and Mainland China.
* Benefit from a collaborative culture that encourages knowledge sharing, ongoing training opportunities, and exposure to cutting-edge technologies such as AI-driven security solutions and advanced threat intelligence.

What you'll do:

As a Senior Technology Risk Manager – Cyber Security Control Division based in Hong Kong, you will be entrusted with significant responsibility for safeguarding the organisation’s digital assets. Your day-to-day activities will involve close collaboration with various departments to develop forward-thinking policies that address current and future risks. You will lead efforts in conducting rigorous assessments across diverse technology environments—ranging from on-premises infrastructure to cloud platforms—and play a central role in orchestrating incident response operations. By engaging in regional exercises and staying abreast of industry trends, you will help ensure that the organisation remains resilient against sophisticated threats. Your ability to communicate effectively with stakeholders at all levels will be crucial as you guide teams through complex risk scenarios while fostering a culture of continuous improvement.

* Formulate, review, and manage comprehensive cyber security policies, standards, and procedures to ensure organisational compliance with internal and external requirements.
* Assist in planning technology-related risk management strategies by developing processes and work plans that address evolving cyber threats.
* Participate actively in the design, development, and implementation phases of key cyber security projects to enhance overall protection measures.
* Plan and conduct thorough cyber security assessments and IT risk evaluations covering areas such as IT general controls, information asset management, access controls, cloud/server/endpoint/network/middleware security reviews.
* Support the execution of security initiatives to maintain compliance with corporate information security policies as well as local and international compliance standards.
* Organise and conduct penetration tests, red/blue/purple teaming exercises, vulnerability assessments, validation controls for both local and overseas entities to identify potential risks.
* Provide operational support for cyber security incident response activities by collaborating closely with local and regional Security Operations Centre (SOC) teams to improve daily monitoring, analysis, investigation, and response protocols.
* Coordinate cross-country cyber incident response drills to ensure preparedness for large-scale or complex incidents affecting multiple jurisdictions.
* Serve as a subject matter expert by supporting business units and cross-functional teams in identifying cybersecurity risks, discussing control gaps, and proposing effective remediation strategies.
* Research the latest developments in cyber threats and threat intelligence to keep the organisation informed about new risks while evaluating innovative solutions.

What you bring:

To excel as a Senior Technology Risk Manager – Cyber Security Control Division, you will bring not only technical acumen but also proven experience navigating complex regulatory environments within large financial institutions. Your background should reflect hands-on involvement in designing robust control frameworks while demonstrating sensitivity towards evolving compliance requirements. A passion for continuous learning—especially regarding emerging technologies like AI-driven threat detection—will set you apart. Your interpersonal skills will enable you to build trust-based relationships across business units while your analytical mindset ensures thorough evaluation of risks. Adaptability is key as you may be called upon to participate in regional initiatives or respond swiftly during incidents. Above all else, your dedication to upholding the highest standards of integrity will reinforce the organisation’s reputation as a trusted leader in financial services.

* A degree in Computer Science, Information Systems or a related discipline provides you with a strong technical foundation essential for this role.
* At least two years’ experience in IT security, technology risk management, compliance or IT audit functions gained within sizable financial institutions ensures you are familiar with industry challenges.
* Possession of at least one recognised professional qualification under HKMA enhanced competency framework such as CISA, CISSP or CISM demonstrates your commitment to professional excellence.
* Additional industry-recognised certifications such as OSCP/OSCE/OSWE/OSEE/GXPN/GPEN/GCPN/GCIH/GSOC/GCFA/OSDA/CCIE/CCNP are highly desirable for candidates aiming to stand out.
* Familiarity with regulatory frameworks including HKMA TM-E-1/TM-C-1/TM-G-1/C-RAF/PCI-DSS/ISO 27001/PDPO/NIST/MITRE ATT&CK/OWASP is advantageous for navigating compliance landscapes.
* Hands-on experience with technologies such as Firewall, IDS/IPS/WAF/DNS Security/Email Security/SIEM/SOAR/DLP/UEBA/BAS/XDR/Deception/Generative AI/Machine Learning/Application of AI/ML/LLM/MCP/RAG libraries in Python is preferable for addressing modern threats.
* Proven track record coordinating cross-country cyber incident response drills highlights your ability to manage complex scenarios involving multiple stakeholders.
* Experience managing SOC operations including offensive security/container security/CSPM/threat hunting/OSINT/dark web monitoring/malware analysis/secops/digital forensics/attack surface management/cloud/on-premises anti-DDoS solution/threat modeling/supply chain cybersecurity/vulnerability management is highly valued.
* Willingness to travel occasionally across Asia Pacific region (including Shenzhen and Shanghai) for regional assessments or training exercises shows your flexibility and commitment.
* Excellent command of written and spoken English is required; proficiency in Mandarin is considered an advantage for effective communication across regions.

What sets this company apart:

This institution stands out due to its unwavering commitment to technological advancement paired with a deep-rooted culture of collaboration. Employees benefit from extensive training opportunities designed to foster both personal growth and professional development. The organisation’s inclusive approach ensures that every team member’s voice is heard—encouraging open dialogue around new ideas while supporting flexible working arrangements when possible. With access to state-of-the-art tools and resources—including advanced AI-powered solutions—you’ll have everything needed to stay ahead of industry trends. The company’s regional presence means you’ll gain valuable exposure through cross-border projects while contributing meaningfully towards building safer digital ecosystems throughout Asia Pacific. If you are looking for an environment where your contributions are valued and your career can flourish alongside knowledgeable colleagues who share your passion for cyber security excellence, this is the place for you.

What's next:

If you are ready to take on this rewarding challenge where your expertise can make a real difference in protecting critical assets on a global scale, we encourage you to apply now!

Apply today by clicking on the link provided – seize this opportunity to advance your career within one of Hong Kong’s most respected financial institutions.