Associate Director, Governance, Risk & Compliance

Posted:
12/11/2024, 8:08:36 PM

Location(s):
Kowloon, Hong Kong, China ⋅ Hong Kong, China

Experience Level(s):
Expert or higher ⋅ Senior

Field(s):
IT & Security ⋅ Legal & Compliance

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:

Job Purpose

The role is responsible for leading a portfolio of complex risk assessments, reviews & management testing related to Information Technology, with an emphasis on emerging cyber security risks, Hong Kong regulatory requirements, audits, and timely consulting & support for ongoing Hong Kong projects.

Risk Management

Risk Management Program framework – Risk Control Self-Assessment, Process Risk Controls, emerging risks. Draw up an IT Governance Plan for each year and drive adherence to it.

Reviewing & testing of:

  • Information Security: Governance; Access Administration; Incident & Vulnerability Management; Internal & External Threat Management
  • Information/Database Management: Database management systems, including Oracle, SQL, DB2, etc.
  • Network Technologies: network security & management; Internet/Intranet technologies; Firewalls, Routers & Switches

Incremental scope includes, but is not restricted to:

  • Control Testing Gap Assessment – IT auditable areas (Asset Management, IT operations, Application Development & Project Management)
  • Tracking KRIs for Asia by BU & SLGS – Quarterly Risk & Compliance Committee
  • Expanded scope of providing Support on Third Party Risk Management (TPRM) activities & policy requirements

Follow the Asia Governance Risk Compliance Guidelines & ensure adherence to:

  • Entity policies, standards, and management control
  • Technology that is new to Asia, such as cloud computing, mobile technology and high-performance computing programs, and their related support models

Control & Compliance

  • Embed control framework to align with Entity’s policy, directive and practices within
  • Developing, reviewing, approving and periodically refreshing policies, directives & operating guidelines stemming from corporate, regional & local requirements
  • Drive controls & compliance agenda for significant projects, initiatives & third-party relationships
  • Manage the risks associated with a significant business disruption by establishing & governing a comprehensive Business Continuity Management Program
  • Dissemination of & compliance with DBTS Operating Guidelines & applicability to Asia
  • Waivers & Obsolescence Management Pre-Screening and through NA alignment
  • Gap assessment & audit readiness – Frontend audits for Hong Kong
  • Audit remediation efforts

Regulatory & Operational Support & Consulting

  • New OSFI / Local Regulations & impact to Asia IT (e.g. E-21, B-13, B-10)
  • Mapping IT regulations as set by the Hong Kong Regulatory
  • OSFI Response & readiness
  • Work with Operational Risk Management Team to identify trending risks and actions

Committees / Reporting / Working Group

  • Risk Committees (DBTS, ARMC, Local Business/Operational Risk reviews etc.) – Quarterly/Monthly
  • Waivers / Policy Exceptions - Security & ITAM Triage – Weekly
  • Asia IT Risk Committee - Quarterly
  • Audit Management SOX Attestation etc

Talent Management

  • Participate in knowledge building practices to develop thought leadership, team and individual skill development trainings
  • Attending conferences and trainings, business immersion, networking, reading publications, being up to date on other industries (non-billable)

Subject Related

  • Bachelor's Degree in CS/E&C/IT Engineering or MCA / MBA with 15-18 years of experience in IT Governance, auditing, business planning and future visioning in IT
  • Interest in technology / IT or a recognized IT audit / security (CISA, CIA, CISM, CISSP) designation
  • Experience working in client-facing, matrix, project-based assignments; typically gained through prior audit, advisory, consulting, or accounting
  • Good understanding of concepts around COSO, COBIT
  • In depth knowledge of IT Governance methodologies, project management (Agile, Lean & Waterfall) and system development methodologies, control frameworks and risk management practices, & regulatory requirements

Soft Skills / Seniority Requirement

  • Passionate change agent, able to see around corners, and comfortable with ambiguity
  • Problem solving & decision-making skills
  • Effective communication skills and ability to present to senior stakeholders
  • Collaborating, facilitating, negotiating, influencing skills
  • Change management skills
  • Proven relationship management skills including a demonstrated ability to deal effectively with staff of all levels including very senior functional AVPs, VPs, SVPs
  • Multitasking and the ability to operate effectively under pressure.
  • Strong written and verbal communication skills, with the ability to both develop relationships and formally present findings and recommendations at executive and C-level
  • Excellent influencing skills, effective stakeholder management with successful track record of working collaboratively across matrix teams

Problem solving

  • Anticipated problems will be influencing business partners, especially in providing proposed process changes.
  • The role also involves pushing the governance & risk management agenda in a tight / limited-resource environment (budget / time / talent); influence would expand to BU IT & RO IT teams.
  • The role also involves responding / defending the processes with Corporate audit & regulators.

Job Category:

IT - Technology Services

Posting End Date:

30/03/2025