AVP, IT Security Governance (Major Bank)

Location: Hong Kong
Job Type: Permanent
Industry: Information Technology
Reference: 34498_1684403642
Job Published: 18 May 2023, 17:54

Job Purpose:

  • Strengthen the 1st line of defense for the IT department related to cybersecurity maturity and improve oversight of cyber/technology risk, to support the rapid Fintech development and transformation initiatives.
  • Build and reinforce IT governance and compliance monitoring, segregated from IT operation and implementation, to liaise on technology standards and compatibility with new technology.
  • Support compliance monitoring in order to minimize potential risks, regulatory issues and other audit issues, in line with the expectations of the Bank and the regulators.
  • Drive and manage IT and cybersecurity improvement and remediation programs (C-RAF and iCAST) according to regulatory and audit requirements and major risks identified.



  • Assist in strengthening the 1st line of defense to improve oversight of cyber/technology risk and support the rapid Fintech development and transformation initiatives.
  • Maintain and uphold the risk governance and management framework.
  • Assist in developing and maintaining the Information Security Policy and Cyber Security Strategy, and the associated standards and guidance pertaining to regulatory requirements and industry standards.
  • Organize and facilitate remediation actions to align with the HKMA's C-RAF 2.0 and iCAST requirements, including but not limited to conducting maturity assessments, adopting an intelligence sharing platform, and professional development.
  • Ensure IT practices and controls are adequately developed to address information leakage risk.
  • Assist in organizing bank-wide awareness education programs and necessary training to promote the security culture of the Bank.
  • Coordinate and respond to audit issues in relation to cybersecurity to satisfy compliance requirements.
  • Assist with KRI reporting and review indicators when requested; support the provision of materials for committee meetings.


  • Perform risk assessments to ensure oversight of cyber/technology risk across IT infrastructure and security domains.
  • Evaluate technology deviations and liaise with IT teams on the implementation process.
  • Liaise with external third parties to conduct independent assessments.


  • Perform gap analysis on regulatory requirements, including HKMA and MAS TRM and the associated guidance.
  • Provide input for inspections and examinations by the regulators and for internal and external audits; handle information requests and follow up on IT-related recommendations.

  • Ad-hoc tasks or projects assigned by management related to IT Security Governance.


  • Degree holder in Information Technology, Information Systems or a related discipline.
  • Minimum 5 years' experience in IT and/or Information Security/Technology Risk Management.
  • Solid experience in TRM, Audit or Information Security Management.
  • Knowledgeable in risk management practices for IT Infrastructure, IT Applications and IT Service Management.
  • Good at issue reporting/presentation and stakeholder management.
  • Familiar with industry compliance requirements such as PCI-DSS and SWIFT CSP.
  • Good understanding of industry best practices, e.g. ISO27001, COBIT, etc.
  • Good understanding of regulatory requirements such as HKMA (C-RAF 2.0, iCAST, TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, CBRC, FFIEC, etc. Knowledge of overseas banking regulatory requirements, particularly in Singapore, China, Macau and the US, is an advantage.
  • Experience in a Big 4 firm or financial institution will be an advantage.
  • Obtained Core / Professional level qualification as a Relevant Practitioner under the HKMA ECF on Cybersecurity.
  • Certification in CISSP, CISA, CISM or another recognized certificate is a must.
  • ITIL/PMP certification is preferred.
  • Certification in CEH, GIAC or CCNP would be an added advantage.