Technology Risk Manager / Associate (Information Technology)

  • Negotiable
  • Hong Kong
  • Permanent, Full time
  • BOC International
  • 19 Jan 17

As a leading investment bank in China and Hong Kong region, the investment banking arm of Bank of China, BOC International Holdings Limited (“BOCI”), is now seeking highly motivated, creative and success-oriented professional who would like to pursue the career for supporting our capital market business.


  • Provide IT risk & compliance consultancy to IT Division on technology risk management framework, IT policy and procedure, regulatory requirements and industry best practice around IT risk and regulatory compliance;
  • Develop and maintain a fit and proper technology risk management framework for the company;
  • Perform risk & control assessments on IT processes to articulate and explain the risk to management as well as propose mitigating controls to reduce the risk;
  • Perform IT regulatory compliance assessment & reporting, work closely with Legal & Compliance Division on responding to circulars & notices that affect ITD;
  • Monitor IT incident management process to ensure that IT incident are managed according to the IT incident management policy;
  • Develop & maintain IT risk register to record and manage IT risk according to the technology risk management framework;
  • Report Operational Risk Event according to the requirements from Operational Risk Management;
  • Develop and maintain Key Risk Indicators information;
  • Drive risk remediation programs for mitigating key risk areas around IT risk and regulatory compliance;
  • Coordinate internal/external audit & regulatory inspection for ITD, work closely with the relevant IT team on preparing the requested information.


  • At least 7 years of relevant experience for Manager or 3 years for Associate in technology risk, information security, regulatory compliance, risk & control and/or operational risk management from the banking and finance industry
  • Knowledge on IT risk & compliance principles and best practices, practical experience in conducting risk & control assessments
  • Sound knowledge across different domains including risk & control, information security, operational risk management
  • Experience in performing IT regulatory compliance assessment & reporting
  • Familiar with the regulatory environment of the banking and finance industry including the requirements from HKMA and SFC
  • Strong communication and interpersonal skill and be able to work with stakeholders at all levels
  • Strong business knowledge on investment banking, securities brokerage and private banking business
  • Certification or passed examination in IT audit or information security (e.g. CISA, CISM, CISSP)
  • Degree holder major in Computer Science or Business Management, or related field
  • Prior experience gained as an auditor is desirable

Please apply in strict confidence with full resume, academic record, current and expected salaries.
Please quote the applied position & reference number in the subject.
(The personal data provided will be used for consideration of recruitment only. All personal data of unsuccessful candidatee will be destroyed within six months.)