Assistant General Manager, IT Risk Control

Lead and provide expertise to efficiently manage cyber and technology risks arising from our use of internal developed technology and 3rd party solutions. Establish/Revise and provide inputs to the design of the cyber and technology risk control framework. Drive the implementation of the cyber and technology risk control framework within 1st Line of Defense (e.g. NIST, ISO 27001). Drive initiatives to identify, measure, monitor and report on new and existing risk matters. Assist EDGM, Head of IT Risk Control & Governance in providing a focal point of managing cyber risk including the design of effective controls and the systematic monitoring of risks. Be a change agent and internal advisory by making risk management relevant to everyone in a clear and succinct manner as we seek to further embed control culture. Be open to change over time as we adapt to the every-changing control and regulatory landscape. Advise on and challenge control matters as needed from a 1.5 line of defense perspective. Follow through remediation on Cyber related incidents and risk matters; guide the containment and eradication phase of the incident when occurred. Collaborate with internal teams, establish incident response plan and communicate effectively amongst BU/SU stakeholders and IT management. Risk exception and acceptance must be well governed, timely validated and properly escalated. Be flexible and show resolution ideas in navigating complex regulatory challenges and deliverables. Establish and enforce Cybersecurity best practices e.g. NIST, SAN, IS , CSA. Perform regular risk assurance review on periodic basis to support 1LOD risk control objective. Make recommendation to ITG management on how to improve ITG overall control environment. Enforce control requirements to established Policies & Standards and provide advisory to internal teams on design controls (a shift left mindset) and be able to articulate the risk associated with ineffective IT system design and operations. Supervise junior member of the IT Risk Control & Governance team to ensure the above objectives are met. Requirements: Degree in Information Technology, Computer Science, or Engineering. 8-10 years' experience in Cybersecurity field including Security Operations, Security Architect, Risk Management, Data Security, Incident Response team etc. Experience in forming and leading Risk Management and/or Governance framework. Experience in Business Continuity/Disaster Recovery Management or Incident Management would be an advantage. Good experience in formulating IT processes and procedures. Cybersecurity experience is a definite advantage. Operational Risk Management experience is a definite advantage. Certified Information System Security Professional (CISSP) is a definite advantage. Certified Information Security Manager (CISM) is a definite advantage. Certified Information Systems Auditor (CISA) is a definite advantage. Certified Information Privacy Professional (CIPP) is an advantage. ITIL certification is an advantage. COBIT certified is an advantage. Personal data collected will be used for recruitment related purposes only. Applicants not invited for interview within 6 weeks may consider their applications unsuccessful. However, applicants may be considered for other suitable positions within the Group for a period of not more than 2 years. Personal data will be destroyed at any time after 3 months. China CITIC Bank International is committed to being an equal opportunities employer and intends to provide a work environment free of unlawful discrimination or harassment. All employment decisions will be made in a non-discriminatory manner. #J-18808-Ljbffr