What Jobs are available for Technology Risk in Hong Kong?

Your day-to-day activities will involve collaborating with various departments to review IT initiatives from a technology risk perspective; establishing robust policies for both application and system security; conducting thorough assessments using advanced tools; researching new trends in fintech; managing third-party vendor risks; delivering training; supporting policy formulation; evaluating IT risks; deploying controls; and responding swiftly to incidents.

TECHNOLOGY RISK MANAGER

Salary: Competitive and based on experience

Location: Hong Kong

Keywords: technology risk, information security, application security, system security, third-party security, compliance, risk management, IT audit, security assessment

An exceptional opportunity has arisen for a Technology Risk Manager to join a highly respected financial institution in Hong Kong, within their Information Security Control Division. This role offers you the chance to play a pivotal part in shaping and safeguarding the organisation's technology landscape, working at the forefront of application, system, and third-party security. You will be empowered to influence policy, drive best practices, and collaborate with knowledgeable teams across the business. The organisation is committed to fostering an inclusive environment that values your expertise and supports your professional growth through ongoing training opportunities and exposure to cutting-edge technologies such as FinTech, Artificial Intelligence, Big Data, and Cloud Computing. If you are passionate about information security and eager to make a meaningful impact in a supportive setting that encourages knowledge sharing and collaboration, this is the perfect next step for your career.

* Play a key role in developing and implementing robust technology risk frameworks across application, system, and third-party security domains, ensuring the highest standards of protection for critical assets.

* Collaborate closely with cross-functional teams to provide expert guidance on information security assessments, policy development, and compliance with industry regulations.

* Benefit from flexible working opportunities and continuous learning in an environment that values teamwork, knowledge sharing, and your professional development.

What you'll do:

As a Technology Risk Manager within the Information Security Control Division based in Hong Kong, you will be entrusted with significant responsibility for protecting the organisation's digital assets. Your day-to-day activities will involve collaborating with various departments to review IT initiatives from a technology risk perspective; establishing robust policies for both application and system security; conducting thorough assessments using advanced tools; researching new trends in fintech; managing third-party vendor risks; delivering training; supporting policy formulation; evaluating IT risks; deploying controls; and responding swiftly to incidents. Success in this role will require you to apply your deep technical knowledge alongside strong interpersonal skills as you work together with colleagues across multiple functions. Your ability to communicate complex concepts clearly will help foster a culture of shared responsibility for information security throughout the business.

* Assist in reviewing IT initiatives by providing advisory services from a technology risk perspective to ensure all projects align with organisational risk appetite.

* Establish and review policies, guidelines, and procedures related to application security while offering practical guidance on vulnerability scanning and penetration testing.

* Conduct regular assessments on application security using industry-leading tools such as Fortify, AppScan, and open-source scanning solutions to identify potential risks.

* Research and evaluate emerging trends and technologies in information security and fintech areas including Artificial Intelligence, Big Data, Cloud Computing, and more.

* Plan and conduct comprehensive security assessments covering operating system platforms, middleware software, physical data centre environments, and fintech technologies.

* Drive third-party vendor security assessments focusing on compliance with regulatory requirements, internal controls, and company policies throughout onboarding and off-boarding processes.

* Communicate effectively with business units regarding third-party vendor risk issues or control gaps while recommending appropriate remediation initiatives.

* Deliver awareness training sessions on third-party vendor risk management frameworks to enhance understanding across the organisation.

* Assist senior managers in formulating information security policies, standards, and procedures while planning IT risk evaluations covering general controls, asset management, access controls, and endpoint reviews.

* Co-operate with system administrators to deploy information security controls or tools while leading remedial actions during security incidents.

What you bring:

To excel as a Technology Risk Manager within this esteemed financial institution's Information Security Control Division, you will bring proven experience from similar roles where you have demonstrated your ability to assess risks holistically across applications, systems, vendors and physical environments. Your background should include hands-on involvement with regulatory compliance frameworks relevant to Hong Kong's financial sector. You will possess excellent communication skills-both written and verbal-to engage effectively with stakeholders at all levels. Your technical acumen will be complemented by an empathetic approach that fosters trust among colleagues. A passion for continuous learning is vital given the rapidly evolving nature of cybersecurity threats. Your collaborative spirit will enable you to share knowledge generously while supporting others' growth. Above all else, your dependability ensures that critical tasks are completed thoroughly so that the organisation remains resilient against emerging risks.

* A degree in Computer Science or a related discipline such as Information Systems provides you with a solid foundation for this role.

* Over four years of experience gained within IT security, technology risk management, compliance or IT audit functions at sizable financial institutions ensures you bring valuable insights.

* Holding at least one recognised professional qualification under HKMA enhanced competency framework (such as CISA, CISSP or CRISC) demonstrates your commitment to excellence.

* Familiarity with regulatory frameworks like HKMA TMG-1/TM-E-1, PCI-DSS or ISO 2700-series enhances your ability to navigate complex compliance landscapes.

* Proficiency in written and spoken English is essential for effective communication across diverse teams; Mandarin language skills are considered advantageous.

* Experience using industry-standard security testing tools (e.g., Fortify, AppScan) as well as open-source scanning solutions enables you to perform thorough assessments efficiently.

* Knowledge of DevSecOps methodologies along with best practices such as OWASP equips you to address modern application threats proactively.

* Understanding of system platform operations and architecture design allows you to contribute meaningfully to system-level security discussions.

* Demonstrated ability to deliver engaging training sessions on third-party vendor risk management helps raise awareness throughout the organisation.

* Flexibility in travelling ensures you can support business needs across different locations when required.

What sets this company apart:

This organisation stands out as one of Hong Kong's most established financial institutions renowned for its unwavering commitment to technological advancement balanced by rigorous risk management practices. Employees benefit from being part of a large-scale operation where teamwork is celebrated-your contributions are valued not just individually but as part of a wider network dedicated to mutual success. The company invests heavily in staff development through structured training programmes designed to keep pace with industry changes. Flexible working arrangements are available where possible so that employees can maintain a healthy work-life balance. The workplace culture is inclusive: people from all backgrounds are welcomed warmly into supportive teams who share knowledge openly. With access to state-of-the-art resources-including exposure to innovative fintech solutions-you'll find ample opportunities here for personal growth while making a tangible difference in safeguarding critical infrastructure.

What's next:

If you are ready to take your career in technology risk management further within an inclusive environment that values your expertise-this is your moment

Apply today by clicking on the link provided-your next rewarding challenge awaits.

Roles and Responsibilities & Specific Requirements (Application Security):

• Assist in reviewing IT initiatives and provide advisory from technology risk perspectives
• Assist to establish and review policies, guidelines, procedures in application security area
• Provide advisory and practical guidance to support technology risk and information security assessments, include vulnerability scanning, penetration test etc.
• Conduct regular assessment on application security
• Familiar with security testing tools e.g. Fortify, AppScan and Open Source Scanning tools, technologies on DevSecOps and industry good practice OWASP is preferable

Roles and Responsibilities & Specific Requirements (System Security):

• Research and evaluate latest trend & technologies on information security and fintech area, such as FinTech, Artificial Intelligence, Big Data, Cloud Computing etc.
• Conduct regular assessment on OS platform security & middleware software security
• Plan and conduct security assessment in area of physical security (e.g.: data center security)
• Assist to establish and review policies, guidelines, procedures in system security、physical security and fintech technology security area
• Familiar with system platform operation and system architecture design is preferable

Roles and Responsibilities & Specific Requirements (Third-Party Security):

• Drive security assessments of third-party vendor focusing on compliance with regulations, company policies, and internal controls.
• Oversee information security risk management processes for onboarding and off-boarding of third-party vendor relationships.
• Communicate to business units and cross-functional teams regarding third-party vendor risk issues and/or control gaps, and recommends remediation initiatives.
• Provide awareness by conducting training on third-party vendor risk management framework.
• Contribute to internal practice development initiatives and technology risk knowledge base
• Stay informed about latest developments in third-party vendor risk management field.

Roles and Responsibilities & Specific Requirements (Information Security):

• Assist senior manager to formulate and manage information security policies, standards and procedures.
• Plan and conduct information security assessment and IT risk evaluation in area covering IT general controls, information asset management, access controls and endpoint security review, etc.
• Plan and carry out various information security assurance activities, such as computer accounts re-certification.
• Review the initiation of security configuration changes, such as access rules, data leakage prevention policies.
• Co-operates with system administrators to deploy various information security controls or tools, and take lead to conduct appropriate remedial action on security incidents.
• Act as a subject matter expert to assist business units and cross-functional teams in identifying and mitigating information security risks and/or control gaps, and recommends remediation initiatives.

General Job Requirements:

• Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
• 4 years of experience in IT security, technology risk, risk management, compliance or IT audit function, gained from other sizable financial institutions
• Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CRISC is preferable.
• Familiar with HKMA TMG-1, TM-E-1, PCI-DSS, ISO 2700-series or other security risk management framework is an advantage
• Good command of written and spoken English with Mandarin is preferable and
• Good communication and interpersonal skills;
• Flexibility in traveling.
• Candidate with less experience will be considered as Assistant Manager.

Roles and Responsibilities

• Conduct regular IT risk and compliance assessment in overseas branches and coordinate overseas branch to perform technology risk self-assessment.
• Collect key risk indicator information from overseas branches and perform analysis.
• Responsible for supervising overseas branch on those issues arising from any independent assessment from regulatory inspections, external or internal audit, or other third parties and tracking their remediation activities
• Influence and drive oversea branches on technology risk management initiatives in alignment with group policies and standards
• Proactively communicate with overseas branches to understand update-to-date local regulatory requirement.
• Keep abreast with latest threats, vulnerabilities, mitigation and industry best practices
• Conduct technology risk and information security awareness training to staffs in oversea branches

Job Requirements

• Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
• 3 years of experience in IT security, technology risk, risk management, system development management, compliance or IT audit function, gained from other sizable financial institutions. Candidate with less experience will be considered as Analyst
• Demonstrated experience working with the regulators in the region, articulate in local regulations and laws pertaining to IT Risk would be an advantage
• Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM) , Certified in Risk and Information Systems Control (CRISC) , Certified Internal Auditors (CIA) is preferable.
• Good command of written and spoken English with Mandarin is preferable.
• Flexibility in traveling
• Independent and strong self-initiative.

About the Role

Our client is a leading cryptocurrency exchange, seeking a highly technical
Technology Risk Lead
who will serve as the bridge between hands-on security engineering and risk/stakeholder management. While the role is positioned under technology risk, the day-to-day focus will be deeply technical—designing, implementing, and operationalizing security controls, with a strong emphasis on automation and compliance as code. This position is ideal for a seasoned engineer with proven expertise in cyber security, DevOps, and cloud-native environments, who is now ready to expand into stakeholder engagement and risk leadership.

Responsibilities

• Lead the design, deployment, and automation of security and compliance controls ("compliance as code").
• Act as a hands-on technical security expert across AWS and Kubernetes environments.
• Write and maintain code/scripts to operationalize security and risk controls.
• Serve as a 1.5 line of defense partner: providing technical assurance, validating control effectiveness, and ensuring operational readiness.
• Collaborate with stakeholders across engineering, compliance, and business functions to translate risk requirements into practical solutions.
• Deliver clear, concise, and actionable reporting to senior stakeholders on technology risk posture and control maturity.
• Provide technical leadership and mentorship within the cyber security and DevOps teams.
• Monitor and assess emerging threats, tools, and technologies to strengthen security operations.

Qualifications

• 12+ years of experience in cyber security with significant hands-on engineering expertise.
• 5+ years of DevOps experience, with a strong focus on cloud-native platforms (AWS, Kubernetes).
• Proven coding skills in one or more languages (e.g., Python, Go, Java, or similar) applied to security automation and compliance as code.
• Strong knowledge of operational security controls, frameworks, and risk management practices.
• Demonstrated ability to engage with and influence stakeholders across technical and business domains.
• Experience in a line of defense model, particularly 1.5 LoD or equivalent assurance functions.
• Excellent communication and reporting skills, with the ability to simplify complex technical risks for non-technical audiences.

Preferred Skills

• Experience with CI/CD pipelines and integrating security controls.
• Familiarity with container security, infrastructure as code (Terraform, CloudFormation), and security tooling integrations.
• Prior exposure to regulated industries and compliance frameworks (e.g., ISO, SOC2, NIST, PCI-DSS).
• Experience with cryptocurrency exchanges is a plus.

Pay range and compensation package

Competitive salary based on experience and qualifications.

Equal Opportunity Statement

We are an equal opportunity employer and are committed to fostering a diverse and inclusive workplace. We encourage applications from individuals of all backgrounds and experiences.

Responsibilities:

• Maintain corporate-wide technology risk management and cyber resilience policy and process in compliance with the regulator's requirements;
• As a second line of defense, assist risk owners in identifying and measuring risks to build a corporate-wide cyber and technology risks profile;
• Assist senior management in overseeing cyber and technology risks by ensuring controls are properly designed, implemented and operated as intended, and ascertain the consistency of risk assignment;
• Perform thematic review over bank technology-related operation and provide advisory towards new products or services
• Review residual risk level and control effectiveness to make recommendation for risk treatment;
• Assist team head to interpret key risk statistics for reporting to senior management on regular basis;
• Assist the coordination for evaluation on emerging cyber threat scenario for continuous improvement on cyber security response preparation for Business Continuity Management (BCM);
• Promote security awareness and ensure compliance with applicable security standards;
• Keep abreast of cyber threat trend to gauge the prevailing cyber threat landscape, and make recommendation on improving the bank risk posture;
• Keep abreast of technological knowledge in managed area of responsibility, and provide recommendations for adaptation of new technologies and standard with reference to prevailing industry best practices;
• Assist senior management overseeing the technology related incident management.

Requirement:

• University degree preferably in information technology, information security or related discipline;
• Minimum 5 years of experience in information security, technology risk management or IT Audit field;
• Holder of cybersecurity certificates - CRISC, CISA, CISM, CISSP or other equivalent certificates is preferred;
• Practical experience and knowledge in risk management framework and methodology;
• Knowledge in control frameworks such as C-RAF, TM-E-1, TM-G-1, SA-2 and relevant circulars published by the HKMA, SWIFT Customer Security Programme, PCI DSS, etc. are preferred;
• Experience in working for major financial institutions; and
• A good team player with sound interpersonal and communication skills, good command of English language and proficiency in Mandarin.

Applicants who are not invited for an interview within the 8 weeks after submission of application may assume their applications unsuccessful. We may review applications received for suitability for other posts within the Company. All personal data provided will be treated in strict confidence and used strictly for recruitment-related purposes only. We shall retain the personal data of unsuccessful applicants for a period of 24 months upon receipt of such application.

Responsibilities

• Maintain corporate-wide technology risk management and cyber resilience policy and process in compliance with the regulator's requirements;
• As a second line of defense, assist risk owners in identifying and measuring risks to build a corporate-wide cyber and technology risks profile;
• Assist senior management in overseeing cyber and technology risks by ensuring controls are properly designed, implemented and operated as intended, and ascertain the consistency of risk assignment;
• Perform thematic review over bank technology-related operation and provide advisory towards new products or services
• Review residual risk level and control effectiveness to make recommendation for risk treatment;
• Assist team head to interpret key risk statistics for reporting to senior management on regular basis;
• Assist the coordination for evaluation on emerging cyber threat scenario for continuous improvement on cyber security response preparation for Business Continuity Management (BCM);
• Promote security awareness and ensure compliance with applicable security standards;
• Keep abreast of cyber threat trend to gauge the prevailing cyber threat landscape, and make recommendation on improving the bank risk posture;
• Keep abreast of technological knowledge in managed area of responsibility, and provide recommendations for adaptation of new technologies and standard with reference to prevailing industry best practices;
• Assist senior management overseeing the technology related incident management.

Requirement:

• University degree preferably in information technology, information security or related discipline;
• Minimum 5 years of experience in information security, technology risk management or IT Audit field;
• Holder of cybersecurity certificates - CRISC, CISA, CISM, CISSP or other equivalent certificates is preferred;
• Practical experience and knowledge in risk management framework and methodology;
• Knowledge in control frameworks such as C-RAF, TM-E-1, TM-G-1, SA-2 and relevant circulars published by the HKMA, SWIFT Customer Security Programme, PCI DSS, etc. are preferred;
• Experience in working for major financial institutions; and
• A good team player with sound interpersonal and communication skills, good command of English language and proficiency in Mandarin.

Applicants who are not invited for an interview within the 8 weeks after submission of application may assume their applications unsuccessful. We may review applications received for suitability for other posts within the Company. All personal data provided will be treated in strict confidence and used strictly for recruitment-related purposes only. We shall retain the personal data of unsuccessful applicants for a period of 24 months upon receipt of such application.

Responsibilities:

• Manage Technology Risk Management processes to identify emerging or existing technology-related risks, measure impact, likelihood and direction of technology-related risks.
• Establish and review technology risk management policy, mechanism and tools of the Bank with reference to Head Office and regulatory requirements.
• Monitor first line of defense in applying technology risk management tools in identifying, assessing, monitoring and controlling technology risk, and provide appropriate opinion and guidance on necessary mitigation measures and remediation.
• Closely monitor any technology-related issues or incidents and control the risks through preventive, compensating and contingency measures.
• Assess the adequacy and effectiveness of the controls from technology risk perspectives during due diligence of new products/ service propositions and incident handling, provide advisory and recommendation on new technology solution of IT initiatives.
• Coordinate technology risk related regulatory examinations and communication, conduct reviews to identify possible risks and provide recommendations to address the control weakness, and monitor the implementation progress of the remedial action(s).
• Oversight and challenge the IT security functions to ensure strict adherence to the corporate standards and regulatory requirements, and conduct regular technology risk profile review.
• Prepare regular management reports on technology risk profile of the bank.

Requirements:

• Bachelor Degree holder or above with major in Information Technology or related disciplines
• With 8 years or above banking experience and within which at least 6 year experience or above in IT security, technology risk or IT audit field of banking / financial industry
• Strong understanding of Technology Risk Management and functions of Second Line of Defense, broad knowledge of regulatory requirements, technology risk relevant controls and information security best practices.
• Customer-oriented with strong leadership, communication, interpersonal and negotiation skills.
• Holder of CISSP / CISA / CISM / CRISC certification is preferred.
• Attention to details, good analytical and interpersonal skills.
• Good communication skill (including in Cantonese, Mandarin, English). Proficiency in preparing presentation materials and reports in Chinese will be an advantage.
• Appropriate candidate with less experience could be considered as VP level.
• Be able to work independently and under pressure. Be a good team player.

Applicants who are not contacted within 8 weeks may consider their applications unsuccessful and their personal data will be retained by the bank for a period up to two years.

All information provided by applicants will be used for recruitment purposes only and will be used strictly in accordance with the bank's personal data policies, a copy of which will be provided upon request

Your day-to-day activities will involve close collaboration with various departments to develop forward-thinking policies that address current and future risks. You will lead efforts in conducting rigorous assessments across diverse technology environments-ranging from on-premises infrastructure to cloud platforms-and play a central role in orchestrating incident response operations.

SENIOR TECHNOLOGY RISK MANAGER - CYBER SECURITY CONTROL DIVISION

Salary: Competitive and based on experience

Location: Hong Kong

Keywords: cyber security, technology risk management, incident response, compliance standards, penetration testing, cloud security, vulnerability assessment, cross-functional collaboration, regulatory frameworks, AI and machine learning

A leading financial institution in Hong Kong is seeking a Senior Technology Risk Manager to join their Cyber Security Control Division. This is an exceptional opportunity for you to play a pivotal role in shaping the cyber security landscape of a major organisation, where your expertise will directly influence the safety and resilience of critical information assets. You will be empowered to drive the development and implementation of robust cyber security policies, collaborate with talented professionals across multiple regions, and stay at the forefront of emerging threats and technologies. The organisation offers a supportive environment that values continuous learning, professional growth, and cross-border exposure, making this an ideal position for those passionate about advancing their career in technology risk management within the financial sector.

* Take ownership of cyber security policy formulation and risk management strategies, ensuring alignment with global best practices and regulatory requirements while working alongside experienced teams.

* Engage in high-impact projects including penetration testing, vulnerability assessments, incident response operations, and regional cyber security exercises that span across Asia Pacific and Mainland China.

* Benefit from a collaborative culture that encourages knowledge sharing, ongoing training opportunities, and exposure to cutting-edge technologies such as AI-driven security solutions and advanced threat intelligence.

What you'll do:

As a Senior Technology Risk Manager - Cyber Security Control Division based in Hong Kong, you will be entrusted with significant responsibility for safeguarding the organisation's digital assets. Your day-to-day activities will involve close collaboration with various departments to develop forward-thinking policies that address current and future risks. You will lead efforts in conducting rigorous assessments across diverse technology environments-ranging from on-premises infrastructure to cloud platforms-and play a central role in orchestrating incident response operations. By engaging in regional exercises and staying abreast of industry trends, you will help ensure that the organisation remains resilient against sophisticated threats. Your ability to communicate effectively with stakeholders at all levels will be crucial as you guide teams through complex risk scenarios while fostering a culture of continuous improvement.

* Formulate, review, and manage comprehensive cyber security policies, standards, and procedures to ensure organisational compliance with internal and external requirements.

* Assist in planning technology-related risk management strategies by developing processes and work plans that address evolving cyber threats.

* Participate actively in the design, development, and implementation phases of key cyber security projects to enhance overall protection measures.

* Plan and conduct thorough cyber security assessments and IT risk evaluations covering areas such as IT general controls, information asset management, access controls, cloud/server/endpoint/network/middleware security reviews.

* Support the execution of security initiatives to maintain compliance with corporate information security policies as well as local and international compliance standards.

* Organise and conduct penetration tests, red/blue/purple teaming exercises, vulnerability assessments, validation controls for both local and overseas entities to identify potential risks.

* Provide operational support for cyber security incident response activities by collaborating closely with local and regional Security Operations Centre (SOC) teams to improve daily monitoring, analysis, investigation, and response protocols.

* Coordinate cross-country cyber incident response drills to ensure preparedness for large-scale or complex incidents affecting multiple jurisdictions.

* Serve as a subject matter expert by supporting business units and cross-functional teams in identifying cybersecurity risks, discussing control gaps, and proposing effective remediation strategies.

* Research the latest developments in cyber threats and threat intelligence to keep the organisation informed about new risks while evaluating innovative solutions.

What you bring:

To excel as a Senior Technology Risk Manager - Cyber Security Control Division, you will bring not only technical acumen but also proven experience navigating complex regulatory environments within large financial institutions. Your background should reflect hands-on involvement in designing robust control frameworks while demonstrating sensitivity towards evolving compliance requirements. A passion for continuous learning-especially regarding emerging technologies like AI-driven threat detection-will set you apart. Your interpersonal skills will enable you to build trust-based relationships across business units while your analytical mindset ensures thorough evaluation of risks. Adaptability is key as you may be called upon to participate in regional initiatives or respond swiftly during incidents. Above all else, your dedication to upholding the highest standards of integrity will reinforce the organisation's reputation as a trusted leader in financial services.

* A degree in Computer Science, Information Systems or a related discipline provides you with a strong technical foundation essential for this role.

* At least two years' experience in IT security, technology risk management, compliance or IT audit functions gained within sizable financial institutions ensures you are familiar with industry challenges.

* Possession of at least one recognised professional qualification under HKMA enhanced competency framework such as CISA, CISSP or CISM demonstrates your commitment to professional excellence.

* Additional industry-recognised certifications such as OSCP/OSCE/OSWE/OSEE/GXPN/GPEN/GCPN/GCIH/GSOC/GCFA/OSDA/CCIE/CCNP are highly desirable for candidates aiming to stand out.

* Familiarity with regulatory frameworks including HKMA TM-E-1/TM-C-1/TM-G-1/C-RAF/PCI-DSS/ISO 27001/PDPO/NIST/MITRE ATT&CK/OWASP is advantageous for navigating compliance landscapes.

* Hands-on experience with technologies such as Firewall, IDS/IPS/WAF/DNS Security/Email Security/SIEM/SOAR/DLP/UEBA/BAS/XDR/Deception/Generative AI/Machine Learning/Application of AI/ML/LLM/MCP/RAG libraries in Python is preferable for addressing modern threats.

* Proven track record coordinating cross-country cyber incident response drills highlights your ability to manage complex scenarios involving multiple stakeholders.

* Experience managing SOC operations including offensive security/container security/CSPM/threat hunting/OSINT/dark web monitoring/malware analysis/secops/digital forensics/attack surface management/cloud/on-premises anti-DDoS solution/threat modeling/supply chain cybersecurity/vulnerability management is highly valued.

* Willingness to travel occasionally across Asia Pacific region (including Shenzhen and Shanghai) for regional assessments or training exercises shows your flexibility and commitment.

* Excellent command of written and spoken English is required; proficiency in Mandarin is considered an advantage for effective communication across regions.

What sets this company apart:

This institution stands out due to its unwavering commitment to technological advancement paired with a deep-rooted culture of collaboration. Employees benefit from extensive training opportunities designed to foster both personal growth and professional development. The organisation's inclusive approach ensures that every team member's voice is heard-encouraging open dialogue around new ideas while supporting flexible working arrangements when possible. With access to state-of-the-art tools and resources-including advanced AI-powered solutions-you'll have everything needed to stay ahead of industry trends. The company's regional presence means you'll gain valuable exposure through cross-border projects while contributing meaningfully towards building safer digital ecosystems throughout Asia Pacific. If you are looking for an environment where your contributions are valued and your career can flourish alongside knowledgeable colleagues who share your passion for cyber security excellence, this is the place for you.

What's next:

If you are ready to take on this rewarding challenge where your expertise can make a real difference in protecting critical assets on a global scale, we encourage you to apply now

Apply today by clicking on the link provided - seize this opportunity to advance your career within one of Hong Kong's most respected financial institutions.

Your day-to-day responsibilities will involve close collaboration with international teams to address emerging risks, coordinate compliance assessments, analyse critical data points, and supervise remediation efforts following audits or regulatory reviews. You will also be responsible for driving strategic initiatives that align with group-wide policies while adapting to local regulatory landscapes.

SENIOR TECHNOLOGY RISK MANAGER

Salary: Competitive and based on experience

Location: Hong Kong

Keywords: technology risk management, information security, compliance assessment, regulatory requirements, risk analysis, overseas branches, remediation activities, industry best practices

An exceptional opportunity has arisen for a Senior Technology Risk Manager to join a highly respected financial institution in Hong Kong, supporting both affiliated and overseas entities. This pivotal role offers you the chance to shape and enhance technology risk management strategies across a global network, ensuring robust information security and compliance standards are maintained. You will be at the forefront of international collaboration, working closely with diverse teams to address complex challenges and drive continuous improvement. The organisation is committed to fostering an inclusive environment that values your expertise, encourages professional growth, and supports flexible working opportunities. If you are passionate about making a meaningful impact on global technology risk frameworks while enjoying a supportive and knowledgeable team culture, this is the perfect next step in your career.

* Play a key role in shaping technology risk management strategies across multiple international locations, collaborating with colleagues from various backgrounds and cultures.

* Benefit from a supportive leadership team that values knowledge sharing, ongoing training opportunities, and professional development within a globally recognised financial institution.

* Enjoy flexible working opportunities and the chance to make a significant impact on information security standards for overseas branches and affiliated organisations.

What you'll do:

As a Senior Technology Risk Manager, you will play an instrumental role in safeguarding the organisation's global operations by implementing comprehensive technology risk management frameworks. Your day-to-day responsibilities will involve close collaboration with international teams to address emerging risks, coordinate compliance assessments, analyse critical data points, and supervise remediation efforts following audits or regulatory reviews. You will also be responsible for driving strategic initiatives that align with group-wide policies while adapting to local regulatory landscapes. By delivering targeted training programmes and staying ahead of industry developments, you will help foster a culture of continuous improvement in information security across all affiliated entities. Success in this position requires excellent interpersonal skills, strong analytical abilities, and a genuine commitment to supporting colleagues worldwide through effective communication and knowledge sharing.

* Plan, manage, and oversee the daily operations of technology risk management initiatives for both local and overseas entities, ensuring alignment with group policies.

* Communicate effectively with internal teams to resolve issues related to information security and technology risk management for overseas branches and affiliated organisations.

* Conduct regular IT risk and compliance assessments in overseas branches, coordinating self-assessment activities to maintain high standards of risk awareness.

* Collect key risk indicator data from international offices, performing thorough analysis to identify trends and areas for improvement.

* Supervise remediation activities arising from independent regulatory inspections, external or internal audits, or third-party assessments for overseas branches and affiliates.

* Drive technology risk management initiatives across all regions by influencing stakeholders to adopt best practices in line with group standards.

* Maintain proactive communication with overseas teams to stay updated on local regulatory requirements and ensure compliance at all times.

* Stay informed about the latest threats, vulnerabilities, mitigation techniques, and industry best practices relevant to technology risk management.

* Deliver engaging technology risk and information security awareness training sessions for staff members and technology risk managers in overseas locations.

What you bring:

To excel as a Senior Technology Risk Manager, your background should reflect substantial experience within major financial institutions where you have developed expertise in managing complex technology risks. Your proven ability to interpret regulatory requirements across different jurisdictions will enable you to provide valuable guidance on compliance matters. Strong communication skills are vital for building trust-based relationships with colleagues around the world while delivering impactful training sessions. Your attention to detail when analysing key risk indicators will support informed decision-making processes. Additionally, holding relevant professional certifications demonstrates your commitment to maintaining high standards of practice within the field. A willingness to travel internationally further highlights your dedication to supporting global operations through hands-on engagement.

* A degree in Computer Science, Information Systems or a related discipline provides you with the technical foundation required for this role.

* Over six years of experience in IT security, technology risk management, system development management, compliance or IT audit functions within large financial institutions ensures you bring valuable industry insight.

* Demonstrated experience working with regional regulators as well as familiarity with local regulations and laws pertaining to IT Risk is highly advantageous.

* Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or Certified Internal Auditors (CIA) are preferable.

* Excellent written and spoken English skills are essential; proficiency in Mandarin would be considered an asset for communicating with overseas teams.

* Flexibility to travel internationally as required enables you to support global operations effectively.

* A collaborative approach combined with strong self-initiative allows you to work dependably within cross-functional teams.

What sets this company apart:

This organisation stands out as one of the most established financial institutions in Asia with an extensive international presence. It is renowned for its commitment to nurturing talent through comprehensive training programmes and ongoing professional development opportunities. Employees benefit from a collaborative environment where knowledge sharing is encouraged at every level. The company places great emphasis on inclusivity-valuing diverse perspectives from its global workforce-and offers flexible working arrangements designed to promote work-life balance. With access to cutting-edge resources and supportive leadership focused on employee wellbeing, you can expect your contributions as Senior Technology Risk Manager to be recognised while enjoying long-term career growth within a stable yet forward-thinking setting.

What's next:

If you are ready to take your expertise in technology risk management onto the global stage while enjoying outstanding support from an inclusive team environment, this is your moment-apply now

Apply today by clicking on the link provided.