Enterprise Technology Risk - China Risk Officer - VP
The successful candidate will work as part of a global team to support the risk function of enterprise technology & risk divisions.
The ETR function is responsible for establishing and governing globally consistent and effective risk management strategies, policies and standards. The ETR team is looking to fill an officer role with a focus on China coverage, supporting China and regional risk and control self-assessment programs and governance programs, and providing direct support and liaison for senior Asia ETR management and China country management.
This role requires solid experience in technology risk management in a regulated China environment, along with team management, presentation and influencing capability. The role requires someone who is analytical and can quickly move between highly technical problem solving and providing senior management overviews, and who can provide consultative support to the department by giving advice on best practices and driving risk compliance to meet local regulations and established IT control policies, processes and procedures in the region.
• Familiarity with the Technology risk management framework and control self-assessment process
• Experience of team management / relationship management in a matrix management structure
• Proven leadership skills with excellent track record in delivering high performance
• Experience of risk reporting / dashboard generation / KRIs
• Familiarity with regulatory technology requirements (CBIRC, PBOC, SAFE, CSRC); experience of regulatory and audit engagements, particularly in dealing with the regulators in China (CBIRC, PBOC, SAFE, CSRC) and local industry forums
• Strong understanding of China financial industry business and how technology is being leveraged
• Ability to influence and engage with senior management and stakeholders
• Ability to manage expectations and handle high-pressure situations with tight deadlines
• Ability to quickly adapt to changing priorities and demands
• Excellent communication / interpersonal skills in both Chinese (Putonghua) and English, to be able to interact at all levels of the organization and with local regulators, as well as be effective as part of a broader team
The role requires the individual to:
• Manage the overall engagement of the Division with Firmwide risk and control groups as appropriate. This includes TR (Technology Risk department) Identity and Access Management, ORD (Operational Risk Department) and Internal Audit
• Manage the engagement with TR in support of agreed controls to monitor and coordinate the implementation and adoption of all applicable processes and tools. Determine the scope and manage the execution of any necessary remediation work to achieve the agreed level of adoption in the Division. For Identity and Access Management, for example, this includes the use of approved provisioning tools, the definition of entitlements models, technology Segregation of Duty tagging, and entitlements classification
• Manage the engagement with TR to collaborate on the design of new controls or control processes for use across Technology. In addition, facilitate the deployment and adoption of new controls and control processes and facilitate the setting of scope for such activity within the Division
• Monitor the completeness and appropriateness of key risk and control related data, raise concerns with data owners and escalate to Divisional management if required. This includes Divisional risk data in the risk register and in the Firm's issue and action plan tracking system (OpenPages), Technology Asset Inventory (TAI) reference data, Technology Access Management (TAM) related roles and Business Continuity data
• Review and approve certain control related reference data in TAI. This includes new assets, new teams and changes to Segregation of Duty tagging
• Ensure management awareness and governance around progress on risk responses from across the risk and control agenda through regular reporting to management (e.g. DIRC). This includes SOX, Audit and Regulatory Open Page issues and actions; Risk Register remediation actions and actions arising from Formal Assessments
• Monitor regulatory developments and provide regulatory guidance to other technology departments. Provide regulatory responses in the ETR areas. If needed, communicate with the regulator to understand more detailed regulatory requirements
• Oversee that China entity-specific technology risks are properly responded to, and that the legal entity technology policies/standards are properly maintained and complied with, in alignment with both the firm's objective and regulatory expectations
• Provide advice to various China Technology Governance Forums for risk remediation or risk updates
Qualifications:
• Knowledge and understanding of infrastructure technologies and / or security technologies
• Self-starter able to complete role with minimal supervision, paying close attention to detail
• 10 - 15 years of experience in technology risk management in the financial services or other regulated industry
• Degree level qualification: bachelor's degree
• Certifications in the IT Risk area such as CISA, CISSP / CISSM (or equivalent) would be an advantage
• Strong project management skills; proven ability to prioritize business objectives and effectively manage regulatory agenda in a dynamic environment