What Jobs are available for Vulnerability Management in Hong Kong?

• Join a reputable organisation at the forefront of cyber security, offering exposure to advanced technologies and complex environments.

• Oversee the continuous scanning of infrastructure for vulnerabilities and ensure configuration compliance across platforms, databases, networks, and voice systems.

• Lead penetration testing activities for both application and infrastructure security, ensuring robust defences against emerging threats.
• Manage the delivery of DevSecOps services by guiding secure development practices and integrating security into operations workflows.
• Directly supervise team members through hiring, training, coaching, setting objectives, and performance management to foster a collaborative and high-performing environment.
• Coordinate with external service providers and product vendors to establish, monitor, and maintain agreed service levels for vulnerability management.
• Provide oversight on the identification and remediation of vulnerabilities, ensuring timely resolution according to established priorities.
• Assess vulnerability intelligence in relation to both internal systems and the broader external threat landscape to inform risk-based decision making.
• Continuously identify gaps in controls or coverage within vulnerability management processes and propose initiatives for service enhancement.
• Develop comprehensive metrics, reports, and service highlights for presentation to business stakeholders and IT leadership.
• Act as the lead during incidents involving actively exploited or critical vulnerabilities by developing response plans and overseeing their implementation.

What you bring:

• A degree in Computer Science, Information Security or a related discipline provides you with a strong academic foundation for this role.
• Twelve years or more of relevant experience in information security roles ensures you bring deep industry knowledge.
• At least five years' hands-on experience specifically within vulnerability management demonstrates your subject matter expertise across multiple disciplines.
• Proven track record in leading teams through hiring, training, coaching, objective setting, and performance management fosters a collaborative work environment.
• Comprehensive understanding of vulnerability management services including operating procedures enables effective oversight of critical functions.
• Exceptional logical thinking skills allow you to analyse different categories of vulnerabilities with precision.
• A customer-focused approach ensures that all services delivered meet high standards of quality and responsiveness.
• Excellent interpersonal skills support effective communication with both technical teams and business stakeholders alike.
• Experience with key technologies such as Vulnerability Assessment tools, DevSecOps methodologies, Penetration Testing frameworks, Secure Code Review processes, Attack Surface Management solutions, and Red Team exercises enhances your technical toolkit.
• Holding industry-recognised certifications such as CISSP or CISM further validates your expertise.

• Join a reputable organisation at the forefront of cyber security, offering exposure to advanced technologies and complex environments.

• Oversee the continuous scanning of infrastructure for vulnerabilities and ensure configuration compliance across platforms, databases, networks, and voice systems.

• Lead penetration testing activities for both application and infrastructure security, ensuring robust defences against emerging threats.
• Manage the delivery of DevSecOps services by guiding secure development practices and integrating security into operations workflows.
• Directly supervise team members through hiring, training, coaching, setting objectives, and performance management to foster a collaborative and high-performing environment.
• Coordinate with external service providers and product vendors to establish, monitor, and maintain agreed service levels for vulnerability management.
• Provide oversight on the identification and remediation of vulnerabilities, ensuring timely resolution according to established priorities.
• Assess vulnerability intelligence in relation to both internal systems and the broader external threat landscape to inform risk-based decision making.
• Continuously identify gaps in controls or coverage within vulnerability management processes and propose initiatives for service enhancement.
• Develop comprehensive metrics, reports, and service highlights for presentation to business stakeholders and IT leadership.
• Act as the lead during incidents involving actively exploited or critical vulnerabilities by developing response plans and overseeing their implementation.

What you bring:

• A degree in Computer Science, Information Security or a related discipline provides you with a strong academic foundation for this role.
• Twelve years or more of relevant experience in information security roles ensures you bring deep industry knowledge.
• At least five years' hands-on experience specifically within vulnerability management demonstrates your subject matter expertise across multiple disciplines.
• Proven track record in leading teams through hiring, training, coaching, objective setting, and performance management fosters a collaborative work environment.
• Comprehensive understanding of vulnerability management services including operating procedures enables effective oversight of critical functions.
• Exceptional logical thinking skills allow you to analyse different categories of vulnerabilities with precision.
• A customer-focused approach ensures that all services delivered meet high standards of quality and responsiveness.
• Excellent interpersonal skills support effective communication with both technical teams and business stakeholders alike.
• Experience with key technologies such as Vulnerability Assessment tools, DevSecOps methodologies, Penetration Testing frameworks, Secure Code Review processes, Attack Surface Management solutions, and Red Team exercises enhances your technical toolkit.
• Holding industry-recognised certifications such as CISSP or CISM further validates your expertise.

Company description:

The Hong Kong Jockey Club

Job description:

Who are we?

We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.

Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.

What do we do?

We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.

We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.

The Department

The Cyber Security Department is essential to the Club's ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.

As the first line of defense, the department plays a key role in maintaining the Club's reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.

The Job

You will:

• Lead and manage end-to-end penetration testing services, ensuring execution across all engagements to identify security weaknesses within the organisation's applications and environments
• Act as a Subject Matter Expert to support and respond to penetration testing-related requests, proactively anticipate needs (e.g. project requirements) and propose workable solutions

• Manage/conduct penetration testing and vulnerability management assessments, namely:

• System and infrastructure-based security assessments

• Web application security assessments
• Mobile application security assessments

• Vulnerability scanning

• Identify and exploit vulnerabilities using manual techniques and automated tools

• Develop custom scripts, payloads, and exploits to bypass security controls
• Document findings with detailed technical evidence and clear remediation guidance with recommended safeguards and compensating controls that meet the organisation's cybersecurity standards
• Collaborate with stakeholders to communicate findings and track the status of follow-up actions to ensure timely identification of vulnerability remediation
• Design and maintain KRI dashboards to track cybersecurity posture and report penetration testing outcomes in monthly management reports
• Develop and maintain internal standards, methodologies, and documentation for penetration testing and vulnerability management processes
• Manage vendor relationships to ensure service quality and monitor performance against SLAs
• Undertake other duties assigned by Cyber Security Management
• Participate, contribute and help shape a diverse and inclusive culture with trust and respect. Play an active role to support cross-team/division/department efforts and model collaborative behaviours

About You

You should have:

• University degree in Computer Science, Information Security, and/or related discipline
• Industry-recognised certification in one or more of the following - OSCP, OSCE, OSWE, GPEN, CEH, CISSP, CISA, or equivalent
• 5 years or more of working experience in the penetration testing and vulnerability management domain across various disciplines
• Proven expertise in conducting application security assessments across web, mobile, and self-developed applications
• Strong service and a customer-focused approach to the service being delivered
• Excellent interpersonal, collaborative and communication skills
• Well-disciplined with exemplary professional competence and integrity
• Hands-on experience with industry-standard tools such as Kali Linux, Burp Suite, Qualys, Nessus, Nmap, Metasploit, Wireshark, etc.

• Deep technical knowledge in:

• Operating systems: Windows, Linux, macOS

• Offensive tooling and technique: Implant reverse shells, Command and Control (C2) infrastructure
• Network and security architecture: TCP/IP, IDS/IPS, firewalls, WAFs, web content filtering
• Cloud platform: Integrated security solutions across major cloud providers (e.g. AWS, Azure)

• Application security: Coding practices and architecture design

• Demonstrated ability to perform penetration testing, vulnerability assessments, and security reviews for applications and infrastructure

• Contribute to the development and refinement of penetration testing and secure vulnerability management standards
• Experience participating in red team operations is desired
• Exploit research and development skills are a plus
• Source code review experience is a plus

Terms of Employment

The level of appointment will be commensurate with qualifications and experience.

How to Apply

Please submit your resume with expected salary by clicking the Apply Now button.

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.

Company:

Sopra Steria is a listed European tech leader specializing in Consulting, Digital Services, and Software. With 60,000 employees worldwide across Europe, North America and Asia, Singapore serves as the HQ for our APAC operations. We focus on delivering Infrastructure, Cloud and Cybersecurity services across the region.

Description:

This role is for a technical support position and he/she will be responsible to oversees Middleware Vulnerability Management. They must plan and rectify middleware products security vulnerabilities. He/she will help ensure the quality of Core Middleware services remains consistently high and Create Middleware management reporting and dashboard and adhere to all IT security policies to maintain system integrity and quality.

The candidate must have excellent technical knowledge matched by a "can do" hands-on attitude to develop automatic process to generate reports and dashboard and always work to minimize operational risk. Also capable of develop scripts to manage repetitive or mass deployment tasks. The successful candidate will be a member of a dynamic IT team and will work with other IT teams in Asia, Europe and Americas, so must possess strong organization skills, have good time management and excellent written and communication skills.

Responsibilities:

• Responsible for the overall Middleware Vulnerability Management of Core Middleware systems in APAC (infrastructure in Singapore, Hong Kong, Japan and China) and regional oversight of the rest of APAC countries.
• Must have a mindset to provide continuous team and service improvements, be risk adverse in change management, focus on mitigating middleware vulnerabilities and be eager to improve the monitoring, efficiency, reliability, capacity and quality of all IT services.
• Strive to ensure 100% uptime for all Core Middleware systems infrastructure in APAC, taking into account business requirements.
• Able to plan, test and execute Production changes successfully following a robust Change Management process.
• Responsible for updating all live production documentation under their scope.
• Has direct hands on experience managing to reduce hardware and software obsolescence across IT.

Business relationships:

• Work closely with all major stakeholders of the Core Middleware Systems, and any team(s) with direct influence and dependencies.
• Must build a strong relationship with our internal customers in APAC.
• Have proven experience working collaboratively with all teams across all departments and refusing to work in silo mode.
• Follow all Security policies
• Contribute to management reports and dashboards
• Report all variances from Norms and Standards
• Ensure and practice all production Disaster Recovery and BCP processes are in place

Governance:

• Follow Security policies
• Contribute to management reports and dashboards
• Report all variances from Norms and Standards
• Ensure and practice all production Disaster Recovery and BCP processes are in place

Essential Technical Knowledge/Skills:

• At least 5 - 7 years of technical experience in following middleware technologies listed below

• Open source Apache HTTP Server (2.4.x)

• Open source Tomcat application Server (8.x, 9.x)
• Microsoft IIS server (IIS 8.5, 10)
• REDHAT Jboss EWS (Apache / Tomcat 5.x)
• REDHAT EAP application server (EAP 7.x)
• IBM WebSphere Application server BASE & ND (8.x, 9.x)
• IBM WebSphere MQ server (8.x, 9.0, 9.1, 9.2)

• Oracle WebLogic server (12.x, 14.x)

• Analysis, remediation planning and execution for all overdue vulnerabilities for IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS products.

• Analysis, remediation planning and execution for all Critical compliance deviations on Digital Platform assets, and ideally on High deviations for IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS.

• Enhancement of the current processes for remediationd for all APAC assets where the remediation owner is Digital Platform (include assets provided to and supported for CIB, WM, Cardif entities), on the vulnerability management and compliance management remits.

• Continuous improvement of the security watch process for the products under APAC Digital Platform management, to pro-actively plan for patching.

• Experience in creating and producing reports and Dashboard.

• Obtain skill for reporting : Tableau / Power query / Excel Micro programing / PowerBI / SQL query / Python / API

• Optional skill set: Prometheus / Grafana / Kibana / ELK

• Obtain skill for automation: Ansible scripting + Ansible tower

• Middleware skill: IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS

• Oversight of the Vulnerability & Compliance Deviation remediation for the locally-managed network gears.

• To apply security vulnerability fixes on timely manner as per business needs.

• To apply security hardening policies for middleware productson timely manner as per business needs.

• Must have excellent written and verbal communication skills.

• Productiveness team work and strong analytical skills.

• Demonstrate a systematic and logical approach to problem-solving.

• Good presentation and documentation skills.

• Ability break down complex technical situations and adapt their language to all levels of discussion, from non-technical managers up to 3rd level System Experts.

• Have knowledge and experience using agile methodologies and/or has been part of DevOps teams.

• Be service oriented, customer focused, positive, committed and have an enthusiastic "can do" attitude.

• Great time keeping skills and attention to detail is essential.

• Flexibility to do shift work and some weekends or late after office hours at short notice.

• Must be independent, organized, self-motivated, responsible, and able to complete tasks with little or no supervision.

• Relishes taking ownership, being totally hands-on and comfortable directly interfacing with people at all levels of the organization.

• Knows ITIL concepts and can apply them effectively.

Other Value-Added Competencies:

• A professional certification in any of the application server technology listed.

• Analytical thinking and strong diagnostic information gathering

• Client-oriented, strong communication and organization skills
• Initiative and multitasking
• Ability to work under pressure
• Having knowledge in ansible / good scripting skills in PowerShell, Python or other programming languages is an added advantage.

• Regular team buildings
• 18 leave days / Year
• Health Insurance
• Annual bonus
• Working hours: from 9am to 6pm, Monday to Friday
• E-learning and certifications paths

Company description:

The Hong Kong Jockey Club

Job description:

Who are we?

We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.

Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.

What do we do?

We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.

We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.

The Department

The Cyber Security Department is essential to the Club's ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.

As the first line of defense, the department plays a key role in maintaining the Club's reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.

The Job

You will:

• Managing the VM Team in the aspects of continuous Infrastructure Vulnerability Scanning & Configuration Compliance (for Platforms, Database, Networks and Voice), Penetration Testing and Scanning for Application & Infrastructure Security and Development, Security & Operations (DevSecOps), through hiring, training, coaching, objective setting and performance management of team members
• Managing the external service providers and product vendors, ensuring the appropriate service level performance is established, monitored and met
• Provide oversight on the handling of vulnerabilities identified, ensuring appropriate priority is given to effectively remediate the vulnerabilities within the agreed timelines
• Ensure the relevant and adequate coverage of vulnerability intelligence, to assess the vulnerabilities in the Club's context and the external threat landscape
• Ensure the vulnerability management services provided for applications (incl. DevSecOps) and infrastructure are operating effectively
• Continuously identify control and coverage gaps, and improvement initiatives to uplift the Vulnerability Management service
• Develop and present the VM metrics, reports and service highlights to the business and IT stakeholders
• Act as the lead during actively exploited or critical severity vulnerabilities being identified, lead the development of the vulnerability response plan and oversee its implementation it

About you

You should have:

• Degree in Computer Science, Information Security, and/or related discipline
• 12 years or more of working experience in the related field, with at least 5 years in the Vulnerability Management domain across various disciplines, including leading and managing teams
• Strong experience covering Vulnerability Management services and required operating procedures
• High degree of logical and analytical thinking skills, particularly in the different categories of vulnerabilities and how they work
• Strong service and customer-focused approach to the service being delivered
• Excellent interpersonal, collaborative and communication skills
• Well-disciplined with exemplary professional competence and integrity
• Experience with the following services and technologies - Vulnerability Assessment, DevSecOps, Pen-Testing, Secure Code Review, Attack Surface Management, Red Team
• Industry-recognised certification in one or more of the following - CISSP, CISM, etc.

Terms of Employment

The level of appointment will be commensurate with qualifications and experience.

How to Apply

Please submit your resume with expected salary by clicking the Apply Now button.

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.

Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment.

IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.

Barron's has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.

Job Description

Interactive Brokers Hong Kong Limited ("IBHK") is expanding its Risk Assessment Team (RA) within the New Accounts Department at our Hong Kong office. We are searching for candidates with prior experience in the financial services industry, exceptional attention to detail, and strong communication skills. The RA department liaises with Interactive Brokers' retail and professional clients.

The IBHK RA is accountable for providing high-quality reviews of Anti-Money Laundering (AML), Know-Your-Customer (KYC), sanctions, and Politically Exposed Persons (PEP) issues for retail customers, financial advisors, hedge fund operators, and other broker-dealers. We aim to facilitate client onboarding by providing regulatory and compliance guidance while building and maintaining long-term client relationships as we expand our global service offerings.

Responsibilities

• Perform Enhanced Due Diligence (EDD) reviews on individual and corporate applications following policies and desktop procedures; identify and escalate potential AML risks
  
  Analyze and verify source of funds/wealth information through public domain sources or documentation
• Investigate and process alerts from multiple queues, sourcing information as appropriate from external sources and/or internal personnel to investigate and process alerts effectively
• Evaluate and resolve negative news and/or red flags or potential PEP matches escalated by other New Account Teams
• Run checks in the Offshore Leaks Database and conduct public domain searches for negative information related to applicants and associated entities
• Provide advice on issues and escalations to other New Account Teams to address difficult applications and independently recommend risk-based decisions to AML
• Responsible for timely escalation of suspected financial crime to AML
• Work closely with other New Account Teams and AML to review and evaluate all financial crime risks

Qualifications, Skills & Attributes

• Bachelor's degree
• Experience: 2–3 years in client service and/or financial services preferred. Fresh graduates with a relevant academic background who are motivated and demonstrate the right aptitude will also be considered
• Minimum of 2 years' experience and familiarity, preferably gained in a brokerage or corporate banking environment, with onboarding or reviewing high-risk client relationships and conducting EDD
• Excellent written and oral communication skills in English and Cantonese; Mandarin is advantageous
• Strong research, investigatory, and problem-solving skills
• Ability to make risk-based recommendations and articulate them persuasively to other departments
• Able to multitask across various projects and firm initiatives
• Prior experience in a highly automated environment and/or a high degree of comfort with computers and technology
• Intermediate experience with MS Outlook, MS Word, and MS Excel
• Ability to work and thrive in a fast-paced, medium-sized office environment

Core Competencies

• Ability to identify, analyze, and escalate complex issues
• Excellent troubleshooting and problem-resolution skills
• Takes personal responsibility for identifying client needs while providing a high-value experience
• Efficient, self-motivated, and hard-working
• Able to multitask in a high-pressure environment

Company Benefits & Perks

• Competitive salary, annual performance-based bonus, and stock grant
• Excellent health and welfare benefits including medical, dental, specialist, and inpatient coverage
• Competitive annual leave package
• Daily lunch ordered in-house with a fully stocked kitchen
• Modern offices with multi-monitor setups
• Great work-life balance
• Unique opportunity to gain exposure to global financial products, markets, and clientele
• Opportunities for career progression and job scope expansion in a global company with a growing local presence
• Hybrid work arrangement, where permitted

• Handle the risk requirement and reporting related to other risks on departmental level
• Handle all sorts of business action plan and strategy report of the department
• Assist to conduct regular analysis to identify emerging AML/CFT risks faced by the Bank and other relevant changes of risk
• Provide comment independently and assist on the development and design, review and ongoing optimization of the AML /CFT risk assessment framework and relevant model
• Follow-up and conduct monitoring on the recommendations made to the model by internal and external auditor, regulator and other compliance team

• Bachelor degree or above in related disciplines
• Required to obtain CAMLP of HKAB or other internationally recognized professional qualifications
• 5 years or above of working experience in banking, law enforcement and regulatory institution or other industry related to AML and sanctions compliance
• Candidate with more experience would be considered as Senior AML Manager
• Require to master at least 1 or more of the following key fields:  AML policy and compliance requirement; customer and product due diligence; AML risk model; compliance review; formulate business and product risk control measures; suspicious transaction case investigation; AML system model management; fraud and corruptions risk control, prevent and investigation
• Good command of execution capabilities, independently and proactively coordinate with each team to implement relevant control measures and requirement to ensure completing the work timely
• Good command of analytic capabilities, conduct analysist on all sorts of data and information, propose risk points in various fields and make recommendations on corresponding controls
• Good command of communication skills and capabilities to organize report and information, coordinate the communication among each divisions and departments proactively and process information efficiently and systematically
• Good command of both written and spoken English and Chinese and report writing ability
• Agree and carry out corporate values, abide by law and regulations and be responsible and dedicated

• Handle the risk requirement and reporting related to other risks on departmental level
• Handle all sorts of business action plan and strategy report of the department
• Assist to conduct regular analysis to identify emerging AML/CFT risks faced by the Bank and other relevant changes of risk
• Provide comment independently and assist on the development and design, review and ongoing optimization of the AML /CFT risk assessment framework and relevant model
• Follow-up and conduct monitoring on the recommendations made to the model by internal and external auditor, regulator and other compliance team

• Bachelor degree or above in related disciplines
• Required to obtain CAMLP of HKAB or other internationally recognized professional qualifications
• 5 years or above of working experience in banking, law enforcement and regulatory institution or other industry related to AML and sanction compliance
• Require to master at least 1 or more of the following key fields: AML policy and compliance requirement; customer and product due diligence; AML risk model; compliance review; formulate business and product risk control measures; suspicious transaction case investigation; AML system model management; fraud and corruptions risk control, prevent and investigation
• Good command of execution capabilities, independently and proactively coordinate with each team to implement relevant control measures and requirement to ensure completing the work timely
• Good command of analytic capabilities, conduct analysist on all sorts of data and information, propose risk points in various fields and make recommendations on corresponding controls
• Good command of communication skills and capabilities to organize report and information, coordinate the communication among each divisions and departments proactively and process information efficiently and systematically
• Good command of both written and spoken English and Chinese and report writing ability
• Agree and carry out corporate values, abide by law and regulations and be responsible and dedicated

• Coordinate other risk-related control requirements and reporting at the department level
• Coordinate business action plans, strategy reports, and other initiatives within the headquarters
• Conduct periodic analysis to identify emerging money laundering and terrorist financing risks faced by the Bank and related risk changes
• Provide independent advice and support for the development, design, review, and continuous improvement of the ML/TF risk assessment framework and related models
• Monitor follow-up actions on model recommendations made by internal/external auditors, regulators, and other compliance teams
• Supervise and support the subordinates

• Bachelor degree or above in Law, Banking and Finance, Accounting or related disciplines
• Relevant qualification in CAMS, ECF (AML/CFT) Core Level, FRM, CPA, ACCA will be an advantage
• Prior experience in IT audit is preferred
• Good Knowledge in one or more of key areas on AML policies and compliance requirements, customer and product due diligence, AML risk modeling, compliance inspections, development of business and product risk control measures, suspicious transaction case investigations, AML system model management, fraud and corruption risk prevention and investigation.
• Strong execution capabilities, independently and proactively coordinating across teams to implement relevant control measures and requirements, ensuring timely completion of tasks
• Possess analytical skills to analyze diverse data and information, identify risk points across domains, and propose corresponding controls
• Excellent communication and report/information organization capabilities
• Exhibit project promotion capabilities to actively coordinate and drive projects assigned by superiors