What Jobs are available for Technology Management in Hong Kong?

Key Responsibilities

• Conduct risk assessments and control reviews across IT infrastructure, applications, and cybersecurity domains
• Develop and maintain technology risk management frameworks, policies, and procedures
• Monitor key risk indicators and emerging threats, and escalate issues as appropriate
• Collaborate with IT, business units, and second-line functions to implement effective risk mitigation strategies
• Support regulatory engagements and ensure compliance with relevant guidelines (e.g., HKMA TM-G-1, GL-97)
• Provide advisory support on technology initiatives, including cloud adoption, digital transformation, and third-party risk
• Prepare risk reports and dashboards for senior management and governance committees
• Promote awareness of technology risk and foster a strong risk culture across the organisation

Requirements

• Bachelor's degree in Information Technology, Risk Management, or related discipline
• Professional certifications such as CISA, CRISC, CISSP, or equivalent are highly preferred.
• Solid understanding of IT controls, cybersecurity principles, and regulatory expectations in the banking sector
• Strong analytical, communication, and stakeholder engagement skills
• Fluent in English and Cantonese, Mandarin is an advantage

What you need to do now

If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or contact Christine Lau at WhatsApp)

Responsibilities:

• Manage Technology Risk Management processes to identify emerging or existing technology-related risks, measure impact, likelihood and direction of technology-related risks.
• Establish and review technology risk management policy, mechanism and tools of the Bank with reference to Head Office and regulatory requirements.
• Monitor first line of defense in applying technology risk management tools in identifying, assessing, monitoring and controlling technology risk, and provide appropriate opinion and guidance on necessary mitigation measures and remediation.
• Closely monitor any technology-related issues or incidents and control the risks through preventive, compensating and contingency measures.
• Assess the adequacy and effectiveness of the controls from technology risk perspectives during due diligence of new products/ service propositions and incident handling, provide advisory and recommendation on new technology solution of IT initiatives.
• Coordinate technology risk related regulatory examinations and communication, conduct reviews to identify possible risks and provide recommendations to address the control weakness, and monitor the implementation progress of the remedial action(s).
• Oversight and challenge the IT security functions to ensure strict adherence to the corporate standards and regulatory requirements, and conduct regular technology risk profile review.
• Prepare regular management reports on technology risk profile of the bank.

Requirements:

• Bachelor Degree holder or above with major in Information Technology or related disciplines
• With 8 years or above banking experience and within which at least 6 year experience or above in IT security, technology risk or IT audit field of banking / financial industry
• Strong understanding of Technology Risk Management and functions of Second Line of Defense, broad knowledge of regulatory requirements, technology risk relevant controls and information security best practices.
• Customer-oriented with strong leadership, communication, interpersonal and negotiation skills.
• Holder of CISSP / CISA / CISM / CRISC certification is preferred.
• Attention to details, good analytical and interpersonal skills.
• Good communication skill (including in Cantonese, Mandarin, English). Proficiency in preparing presentation materials and reports in Chinese will be an advantage.
• Appropriate candidate with less experience could be considered as VP level.
• Be able to work independently and under pressure. Be a good team player.

Applicants who are not contacted within 8 weeks may consider their applications unsuccessful and their personal data will be retained by the bank for a period up to two years.

All information provided by applicants will be used for recruitment purposes only and will be used strictly in accordance with the bank's personal data policies, a copy of which will be provided upon request

JOB REFERENCE

BOCI00723

CONTRACT TYPE

Permanent

DIVISION

Information Technology

JOB FUNCTION

N/A

The Role

AVP/VP, Technology Risk Management, Information Technology

Key Accountabilities

• Risk Governance & Compliance
• Develop, review, and enforce IT risk management policies, standards, and procedures;
• Ensure compliance with internal risk policies and regulatory requirements in daily operations;
• Identify, assess, and mitigate IT risks through proactive monitoring and control measures.
• Risk Monitoring & Control
• Conduct risk assessments for IT operations and projects, ensuring proper risk escalation and approval processes.
• Incident Management & Investigation
• Lead root cause analysis (RCA) for IT security incidents, assessing impact, accountability, and remediation;
• Collaborate with IT teams and business units to address risks and implement appropriate actions.
• Risk Mitigation & Reporting
• Implement risk controls in alignment with the Three Lines of Defense model;
• Report risk exposures and mitigation progress to senior management and risk committees.
• Audits & Regulatory Coordination
• Manage internal/external IT risk audits, regulatory inspections, and compliance reviews;
• Drive security action for findings from regulators, internal audits, or major incidents;
• Prepare regulatory submissions (e.g., risk ratings, incident reports) as required.
• Security Awareness & Training
• Develop and deliver cybersecurity training programs to enhance staff awareness;
• Provide risk updates and recommendations to executive leadership.

Skills & Experience

• Bachelor's degree or higher in Computer Science, Information Technology, or a related field;
• 8+ years of experience in information security, technical risk management, or IT auditing; candidates with over 2 years of full time working experience in Hong Kong or overseas is considered as an advantage;
• Proficiency in Microsoft Word, PowerPoint, and Excel;
• Fluent in English, Cantonese, and Mandarin;
• Strong communication and coordination skills with a proactive work attitude;
• Professional certifications such as CISA, CISM, CISSP are preferred.

Other Information

• Please apply in strict confidence with full resume, academic record, current and expected salaries;
• The personal data provided will be used for consideration of recruitment only. All personal data of unsuccessful candidate will be destroyed within 24 months;
• Candidates with Enhanced Competency Framework (ECF): please state on the CV.

About BOCI

As a leading investment bank in China and Hong Kong region, the investment banking arm of Bank of China, BOC International Holdings Limited ("BOCI"), is now seeking highly motivated, creative and success-oriented professional who would like to pursue the career in our group.

Business Function
Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

Responsibility

• Release Governance and Approval:

• Review and approve change requests (CRs) to ensure all mandatory artifacts are verified and attached to release tickets before implementation.

• Provide sign-off to proceed with deployments to various environments (e.g., UAT, Production).

• Review mandatory artifacts for production deployment and submit production change requests, ensuring they are solely for implementation, code promotion, or deployment.

• Release Coordination and Planning:

• Coordinate and plan releases, including preparing CR artifacts for approval.

• Manage all changes, including emergency changes, ensuring they are properly documented, justified, and approved.
• Monitor progress to ensure application releases are delivered on time.

• Coordinate releases based on service request backlogs, pending service requests, and updates from third-party applications or operating systems.

• Deployment Management:

• Trigger or perform production and disaster recovery (DR) deployments, particularly for external mobile applications.

• Perform live verification after production deployments are completed.

• Implement and manage releases through development, testing, and production environments

• Troubleshooting and Incident Management:

• Troubleshoot issues encountered during deployment, identify root causes, and resolve problems related to Continuous Integration/Continuous Delivery (CI/CD) and Release Automation frameworks.

• Intervene manually in cases of production rollback if automated rollback fails.

• Manage exceptions and ensure adherence to established processes, assisting in overriding and moving release tickets to a "Prod Ready" state during emergency change requests.

• Risk Management and Compliance:

• Ensure all mandatory artifacts, such as UAT sign-off, penetration testing results, security testing, source code verification, and regression testing, are verified and attached to JIRA release tickets before implementation.

• Ensure correct tests are executed to minimize the risk of deploying faulty code and provide insights into test execution for improved test coverage.
• Ensure change requests are approved and risks associated with deployments are managed, including robust rollback plans.

• Oversee mandatory scans and validation of binaries.

• Guidance and Documentation:

• Apply and adopt the company's SDLC Standard to deliver business applications.

• Provide clear fallback and rollback instructions and documents.

• Automation and Efficiency:

• Streamline regression testing processes by automating test case selection and improving overall efficiency and accuracy in testing, potentially leveraging natural language processing (NLP) to analyze Jira tickets and match them to relevant test cases.

Requirement
Skills And Qualifications

• Technical Skills:

• Expertise in Continuous Integration/Continuous Delivery (CI/CD) tools and pipelines.

• Strong understanding of version control and ensuring compatibility across different systems and applications.

• Ability to troubleshoot production environments.

• Process and Project Management Skills:

• Strong coordination skills to work effectively with developers, testers, and users.

• Proven experience in project management, ensuring timely delivery of application releases.
• Demonstrated ability in quality assurance, ensuring all mandatory artifacts are verified.

• Strong risk management capabilities, including the ability to manage change requests and develop rollback plans.

• Soft Skills:

• Excellent communication and collaboration skills to liaise with various teams and stakeholders

• Detail-oriented with strong organizational abilities

Preferred Qualifications (Non-Mandatory)

• Certifications such as PMP, PRINCE2, or ITIL are beneficial.
• Commitment to Continuous Professional Development (CPD) and Continuous Professional Training (CPT) to stay updated with industry best practices

Apply Now
We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.

We regret only shortlisted candidates will be notified.
Primary Location
Hong Kong-Two Harbour Square

Job
Technology

Schedule
Regular

Job Type
Full-time

Job Posting
Sep 24, 2025, 8:00:00 AM

About the role

This role is part of a regional Technology Risk Management team. The successful candidate will be responsible for ensuring that information and technology risks are properly identified, assessed, and managed in line with the company's objectives and risk appetite.

Summary of the role and key responsibilities

• Identify and assess risks in our technology systems and processes.
• Recommend solutions to reduce these risks.
• Check that our security tools and processes are working effectively.
• Ensure we follow technology laws and internal security rules.
• Work with teams across the company to help them manage their technology risks.
• Report on risk levels to senior management.
• Help build and maintain our technology risk management program.
• Set up ways to measure and track technology risk.
• Promote a culture of smart risk management within the company.

Key skills required

• A university degree in a technology-related field (e.g., Information Technology, Computer Science).
• One or more relevant professional certifications in areas such as CRISC, CISA, ITIL Foundation, PRINCE2, PMP, Microsoft Azure Solutions Architect, (ISC)² CCSK, CompTIA Cloud Essentials, CISSP, CISM, CompTIA Security+
• Must have:
  Artificial Intelligence (AI) technologies and related risks and Data Governance and data security
• Strong advantage if you have experience in Cloud Technologies (PaaS, IaaS, SaaS), DevOps / DevSecOps and CI/CD processes, API Management and security, Robotic Process Automation (RPA), Agile Development methodologies, Mobile Device and Application Management
• A background in the Financial Services industry is a must
• Very strong interpersonal skills

How to apply

If you are interested in discussing this role further, please apply for the position or contact Christy Zhang at (Job code

If you require any adjustments, accommodation, or additional support during the recruitment process, please do not hesitate to let us know.
Click here
to learn more about our commitments to accessible recruitment.

Privacy policy

Personal data collected will be used for recruitment purposes only. By applying for this position, you consent to the collection, use, and disclosure of your personal data to Elliott Scott HR Recruitment Ltd. and all relevant third parties for the purpose of processing your application. Your personal data will be processed in accordance with our
Privacy Policy
.

*Who We Are *
Enterprise Technology Risk Management (ETRM) organization is part of Enterprise Risk Management organization in State Street Corporation (SSC). ETRM in its capacity as Second Line of Defence (SLOD) is responsible for thought leadership, oversight, monitoring, and advisement around the discovery and remediation of Technology Risk and Cybersecurity Risk.

*Who We Are Looking For *
We seek a seasoned Technology and Cyber Risk Management Leader with over 15 years of experience in the financial services or technology sectors. The role will report to the Global Head of Enterprise Technology Risk Management. The ideal candidate will excel in identifying, managing, and monitoring technology and cyber risks through effective risk management processes, frameworks, and policies for the APAC region.

This role will involve communication with all levels of First Line teams, management, and senior executives in IT, Business Units, Enterprise Risk Management (ERM), and other corporate functions at both APAC and global levels. Exceptional interpersonal and communication skills are essential, along with the ability to convey technology risks to non-technical audiences. Proficiency in Mandarin is required.

Candidates should demonstrate strong initiative, perform well under pressure, and manage multiple diverse assignments. Prior experience with APAC regulators (e.g., Australia, Japan, China, Hong Kong, Singapore) is highly desired. Experience in Cyber and Information Security, Cloud Risk Management (AWS, Azure), and Technology and Operational Resilience is required.

Why this role is important to us
The ETRM team is critical to our organization's success. Our mission is to establish a world-class Technology and Cyber Risk Management Oversight program that aligns business and technology strategies for effective decision-making. As we undergo significant transformations and risk reduction initiatives, you will provide thought leadership and support to both ETRM peers and APAC stakeholders (business and corporate areas) of the various jurisdictions.

*What You Will Be Responsible For *
As the ETRM advisor for the APAC region, you will be responsible for:

• Technology Risk and Cyber Risk Management

• Lead and support functions within the ETRM Service Catalogue, including real-time risk oversight, technology targeted risk assessments, Material Risk Identification, Regulatory Audit and Client Engagements, Risk Reporting.

• Advise and/or support on technology risk and regulatory matters for the APAC community.
• Collaborate with ETRM Risk professionals to align with the broader Enterprise / Operational Risk Management Programs and mandates at global level. At regional level, develop and maintain APAC relationships with Business and IT stakeholders. Partner with APAC ERM team to assure the firm's technology risks and non-compliance are proactively identified, prudently managed (monitored and effectively challenged).
• Develop effective communication channels for measuring and escalating technology risk exposure.
• Evaluate IT Security risks arising from control inefficiencies in APAC Legal Entities (LE).
• Ensure reporting is properly balanced between perspectives of global ETRM opinion and the local Authorities.
• Participate in due diligence for new clients, vendors and M&A activities.
• Monitor emerging technology risks and trends in financial services.
• Deliver assignments and projects independently and on time.

• Prepare presentations for Management, Risk committees and Board meetings.

• Governance and Oversight

• Oversee governance, policy and framework execution across the APAC region, ensuring alignment with global frameworks.

• Support the development of technology risk oversight and embed the ETRM and practices.
• Oversee communication with APAC regulators in alignment with the ETRM program.

• Report with appropriate and timely information for the committees/Boards to effectively discharge their responsibilities

• Risk Excellence and Education/Awareness

• Foster a culture of effective challenge throughout the organization.

• Provide consulting on technology risk management and ongoing guidance aligned with ETRM strategy.
• Stayed informed on regulatory developments and their impacts on State Street in APAC.
• Conduct training on technology risk management

*What We Value *

• Collaborative approach to maximize positive impact and synergy
• Exceptional communication and interpersonal skills
• Ability to influence and implement decisions
• Flexibility to accommodate business hours across APAC (i.e., Australia, Japan/Korea).
• Strategic mindset to connect various aspects and initiatives for a holistic risk and control environment
• Ability to be a strong voice for review and challenge while continuing to maintain positive relationships with stakeholders
• Strong multitasking skills and ability to navigate competing priorities
• Effective relationships management across diverse cultural groups

*Primary Skills (Must Have) *

• In-depth knowledge of APAC Technology Regulatory Requirements (e.g., APRA, HKMA, MAS); Experience with regulatory exams and responses is strongly desired.
• Experience in IT audits or risk assessments, Information Technology General Controls (ITGC) and cybersecurity controls. Familiarity with Information Security Frameworks (e.g., NIST, ISO 27000, CSA Cloud Control Matrix) and ITIL practices
• Extensive experience in IT & Cyber Security products and solutions.
• Ability to articulate technical issues to non-IT stakeholders and business perspective to IT stakeholders
• Strong communication, negotiation, and presentation skills, with cross-cultural competencies
• Proficient in Microsoft Suite, Adobe Acrobat Reader, Zoom, and Teams.

*Education & Preferred Qualifications *

• Minimum 15 years of experience in the financial and/or technology industries.
• Strong project management, critical thinking, problem-solving, and decision-making abilities.
• Experience in IT risk management, compliance or audit, including control framework design & implementation.
• Ability to read and understand regulations of Chinese language as well as verbal fluency in Putonghua.
• Familiarity with Emerging Technologies (e.g., AI, Cloud, FinTech, Digital Assets) and professional IT certifications (e.g., CGEIT, CISA, CISM, CISSP, CCSP, COBIT, CRISC and ITIL) would be advantageous.
• Experience with data analytics and GRC tools, including Tableau and Power BI, is a plus.
• Undergraduate or advanced degree in a technology discipline

Are you the right candidate? Yes
We truly believe in the power that comes from the diverse backgrounds and experiences our employees bring with them. Although each vacancy details what we are looking for, we don't necessarily need you to fulfil all of them when applying. If you like change and innovation, seek to see the bigger picture, make data driven decisions and are a good team player, you could be a great fit.

*About State Street
What we do. *
State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we are making our mark on the financial services industry. For more than two centuries, we have been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.

Work, Live and Grow.
We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance, and savings plans, among other perks. You will have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.

Inclusion, Diversity and Social Responsibility.
We truly believe our employees' diverse backgrounds, experiences and perspectives are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift programs and access to employee networks that help you stay connected to what matters to you.

State Street is an equal opportunity and affirmative action employer. Discover more at

*About State Street *
Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you'll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at

Read our CEO Statement

Job ID: R-

Location:
Taipo (onsite free parking)

Roles and Responsibilities:

• Lead end-to-end solution delivery projects for IT Infrastructure and Operations
• Collaborate with different business units and stakeholders across various levels in the Company to deliver project objectives
• Manage post Go-live hyper care and ensure seamless transition to operations with focus on knowledge transfer and sufficient documentation
• Communicate with key stakeholders and provide consolidated reporting of project status, risks and issues
• Maintain continuous improvement of ITSM processes
• Collaborate with cybersecurity teams to perform emergency patching in a timely manner
• Contribute to the development of the workplace technology, technical methodologies, best practices, policies, procedures and associated documentations
• Develop, test and maintain software packages for distribution to user desktops, troubleshooting and resolving issues as they arise
• Design, promote and execute learnings and trainings, and drive participation and completion rate

Requirements:

• Bachelor degree in IT or related disciplines
• 12+ years of related technical experience with 5 years in managing teams
• Fluent in English and Putonghua, other language skills will have additional advantages
• PMP, ITIL, or relevant certifications are highly desirable
• Self-motivated, action and result oriented
• Well organized, good communication and reporting skills
• Strong team collaboration and interpersonal skills with multi-disciplined staff at all levels
• Strong understanding of enterprise-level technology infrastructure, digital workplace architectures and integration methodologies
• Knowledge and experience in managing Windows PC and Mobile in an enterprise environment, including support/ break-fix/ image-&-re-image / patch and any automated tools, e.g MECM, Intune and Autopilot
• Knowledge and experience in managing Windows OS deployment and application packaging
• Knowledge and experience in supporting virtual desktop
• Familiar with cloud-hosted products such as Microsoft 365 (M365)
• Experience in interacting with software and hardware external vendors
• Proficient in project management methodologies and tools, with a track record of delivering projects on time and within budget
• Able to effectively prioritize and execute tasks in a high-pressure environment
• Able to follow through tasks until completion as a team

Come join our global, inclusive & diverse team
Our purpose is to improve the quality of life of everyone we touch through our innovative motion systems. We are a truly global team bound together by our shared values. Our culture is built on the diversity, knowledge, skills, creativity, and talents that each employee brings to the company. Our people are our company's most valuable asset. We are committed to providing an inclusive, diverse and equitable workplace where employees of different backgrounds feel valued and respected, regardless of their age, gender, race, ethnicity or religious background. We are committed to inspiring our employees to grow, act with ownership and find fulfilment and meaning in the work they do.

Job Description:

1.Business Operations Management:

• Develop and implement international business strategic plans and annual operational plans, driving the achievement of business goals and optimizing operational processes to improve efficiency.
• Lead the full lifecycle management of international projects, including the development of project plans, progress control, risk management, and cross-team collaboration, ensuring high-quality project delivery.
• Establish and improve the international business data analysis system, monitor key performance indicators (KPIs), and leverage data analysis to identify business opportunities and challenges, proposing targeted optimization solutions and driving their implementation.
• Track industry trends and competitor dynamics, and formulate business expansion strategies in conjunction with market demands, driving the successful commercialization of new products/services.
• Build and refine the compliance management framework for international business, developing compliance policies, processes, and operational guidelines to ensure adherence to domestic and international laws, regulations, industry standards, and internal control requirements.

2.Compliance Operation:

• Develop and implement international business strategic plans and annual operational plans, driving the achievement of business goals and optimizing operational processes to improve efficiency.
• Lead the full lifecycle management of international projects, including the development of project plans, progress control, risk management, and cross-team collaboration, ensuring high-quality project delivery.
• Establish and improve the international business data analysis system, monitor key performance indicators (KPIs), and leverage data analysis to identify business opportunities and challenges, proposing targeted optimization solutions and driving their implementation.
• Track industry trends and competitor dynamics, and formulate business expansion strategies in conjunction with market demands, driving the successful commercialization of new products/services.
• Build and refine the compliance management framework for international business, developing compliance policies, processes, and operational guidelines to ensure adherence to domestic and international laws, regulations, industry standards, and internal control requirements.
• Identify, assess, and mitigate compliance risks in international business operations, implementing risk management measures and maintaining continuous monitoring to ensure safe and stable business development.
• Conduct compliance audits and inspections, performing specific audits on critical projects or high-risk areas, monitoring the progress of issue rectifications, and reducing compliance risk exposure.
• Collaborate with internal teams to review company policies, contracts, and business processes, providing compliance recommendations to ensure alignment with international compliance standards.
• Coordinate the regular compilation of internal compliance handbooks and guidelines, enhancing compliance education and guidance.
• Organize and carry out compliance audits for key projects, continuously tracking identified issues and the progress of rectifications.
• Collaborate with group audit and internal regulatory departments to address and resolve issues within the specified timeframe.
• Conduct regular compliance investigations on internal policy documents, orders, etc., monitor departmental compliance status, and produce relevant reports.

Job Requirements:

• Bachelor's degree or above, preferably in Computer Science, Communications, Information Technology, Management, or Law.
• 5+ years of experience in business operations, compliance management, or related fields; telecommunications industry experience is preferred.
• Strong analytical skills and proficiency in using data analysis tools.
• Excellent English communication skills, with the ability to conduct daily communications fluently.
• Strong sense of responsibility and stress management skills, with the ability to adapt to international travel.
• Global vision and cross-cultural communication skills.
• High professional ethics and standards.

Preferred Qualifications:

• Overseas study or work experience.
• Relevant certifications such as PMP, CIPP/E, ITIL.
• Familiarity with DICT (Digital Information and Communications Technology) business models or international operations of telecommunications carriers.

Interested parties please send your full resume with current & expected salary by apply now. Please indicate the reference number in the subject line.

All personal data provided will be used for consideration of your job application only.