Senior Tech Risk Manager

Your day-to-day responsibilities will involve collaborating with various teams to develop robust frameworks for managing cyber security risks while ensuring compliance with industry regulations. You will have the opportunity to shape policies that protect sensitive data assets, lead comprehensive assessments of IT controls, and provide expert advice on mitigating vulnerabilities.

Responsibilities:

• Participate actively in infrastructure and cyber security projects by contributing to the design, development, and implementation of effective solutions that safeguard organisational assets.
• Assist in planning comprehensive technology-related risk management strategies, processes, and work plans that align with regulatory requirements and business objectives.
• Formulate, update, and manage information security policies, standards, and procedures to ensure compliance with best practices and evolving threats.
• Plan and conduct thorough information security assessments as well as IT risk evaluations covering areas such as IT general controls, information asset management, access controls, and regular security reviews.
• Support business units and cross-functional teams by identifying potential information security risks and providing guidance on mitigation strategies tailored to specific operational needs.
• Communicate clearly with business units regarding information security risk issues or control gaps while recommending practical remediation initiatives that foster a secure environment.
• Create engaging information security awareness training programmes for all employees, contractors, and approved system users to promote a culture of vigilance throughout the organisation.
• Collaborate closely with external auditors and regulators to ensure all compliance obligations are met efficiently and transparently.
• Monitor emerging threats within the technology landscape and proactively recommend enhancements to existing controls or processes as needed.
• Maintain detailed documentation of risk assessments, policy updates, training activities, and incident responses for audit purposes.

Requirements:

• Hold a degree in Computer Science, Information Systems or a related discipline which provides you with a solid foundation in technical concepts relevant to this field.
• Possess over three years of experience in IT security, technology risk management or system development management roles where you have demonstrated your ability to navigate complex challenges effectively.
• Demonstrated experience working collaboratively with regulators and external auditors ensures you can manage compliance requirements confidently.
• Holding at least one recognised professional qualification under SFC enhanced competency framework such as CISA, CISSP, CISM or CCSP is preferable as it highlights your commitment to professional excellence.
• Exhibit excellent command of written and spoken English; proficiency in Mandarin is also considered advantageous for communicating across diverse teams.
• Showcase your ability to work dependably both independently and within interdependent teams while displaying genuine passion for information security and cyber security advancement.
• Display strong interpersonal skills that enable you to connect with colleagues at all levels of the organisation when discussing sensitive topics or delivering training sessions.
• Demonstrate sensitivity towards emerging risks within the technology landscape by staying updated on industry trends through continuous learning initiatives.