We are currently looking for a Manager Cyber Governance and Privacy to join the Bank. You will be responsible for providing information & cyber security leadership and expertise to effectively and efficiently ensure the ongoing confidentiality, integrity, and availability of information and resilience of systems / services.
Manage and implement a Regulatory Approval workstream to ensure the Bank meets mandatory Privacy & Data Protection, Technology, and Outsourcing requirements.
Help to manage the Bank’s overall risk profile by ensuring that the Bank meets best practice industry standards and mandatory requirements.
Lead the Bank’s response to governing, managing, and meeting technology risk and regulatory requirements as regards data privacy and governance.
Lead the workstream on defining, structuring, and operationalising the Bank’s model for Privacy by Design & Default.
As a specialist in Data Governance and Privacy, define all Data-related Standards, Procedures, Processes, and Guidance.
Define, manage, and oversee appropriate technical and organisational measures and the controls outlined in the Data-related Standards, in line with the Bank’s risk appetite and prevailing regulatory and industry requirements.
Define and oversee the Bank's management of all data processors – including contract review.
Monitor for threats and vulnerabilities against Data processing systems and services.
Ensure data processing operations and personal data inventories are maintained and compliant.
Facilitate the Bank’s numerous Digital Risk assessments, including but not limited to Information Security Risk Assessments and Privacy Impact Assessments.
Assist in information security control oversight activities such as user access reviews, system log audits, control sample testing and risk and control security assessments.
Design and conduct awareness initiatives and training to promote and drive a cyber and digital risk aware culture.
Support the management of security incidents and data breaches.
Help to mature the Bank’s Data / Privacy risk posture by advising the Business on decisions, and collaborate across the Business to strengthen end-to-end protection controls.
Oversee Data Governance / Privacy related regulatory and external engagement initiatives for Cyber & Digital Trust and play a key role in shaping external perceptions of the Bank’s Tech / Data Governance, management, and protection capabilities.
5 years’ experience in technology/IT/security-related positions, including time spent in Cyber Management, Business Analysis, Technology Risk, Design, Development, Security Assurance, Privacy & Data Protection, Digital Assurance, or an applied cyber security role. Ideally, your experience will include time in a consulting or advisory capacity.
You should be able to demonstrate:
Five or more years’ industry experience in technology risk management or technology/outsourcing regulation.
Experience in completing due diligence requirements for contractual arrangements with third parties in support of e-Banking Systems in Hong Kong.
Experience in HKMA, SFC, PCPD, PRA, FCA, and EBA regulations is highly desirable, particularly experience in meeting the requirements of TM-E-1, SA-2, TM-G-1, TM-G-2, PDPO, and GDPR.
Educational background in computer science, information security, or law.
Ability to understand and overcome the differences in the management of technology risk of an agile bank compared to a traditional bank.
Experience in the following areas is important: technology risk management; privacy; and cloud technology.
A respectful and balanced attitude towards both risk management and business development.