Manager Cyber Governance and Privacy

We are currently looking for a Manager Cyber Governance and Privacy to join the Bank. You will be responsible for providing information & cyber security leadership and expertise to effectively and efficiently ensure the ongoing confidentiality, integrity, and availability of information and resilience of systems / services.

  • Manage and implement a Regulatory Approval workstream to ensure the Bank meets mandatory Privacy & Data Protection, Technology, and Outsourcing requirements.

  • Help to manage the Bank’s overall risk profile by ensuring that the Bank meets best practice industry standards and mandatory requirements.

  • Lead the Bank’s response to governing, managing, and meeting technology risk and regulatory requirements as regards data privacy and governance.

  • Lead the workstream on defining, structuring, and operationalising the Bank’s model for Privacy by Design & Default.

  • As a specialist in Data Governance and Privacy, define all Data-related Standards, Procedures, Processes, and Guidance.

  • Define, manage, and oversee appropriate technical and organisational measures and the controls outlined in the Data-related Standards, in line with the Bank’s risk appetite and prevailing regulatory and industry requirements.

  • Define and oversee the Bank's management of all data processors – including contract review.

  • Monitor for threats and vulnerabilities against Data processing systems and services.

  • Ensure data processing operations and personal data Inventories are maintained and compliant.

  • Facilitate the Bank’s numerous Digital Risk assessments, including but not limited to Information Security Risk Assessments and Privacy Impact Assessments.

  • Assist in information security control oversight activities such as user access reviews, system log audits, control sample testing and risk and control security assessments.

  • Design and conduct awareness initiatives and training to promote and drive a cyber and digital risk aware culture.

  • Support the management of security incidents and data breaches.

  • Help to mature the Bank’s Data / Privacy risk posture by advising the Business on decisions, and collaborate across the Business to strengthen end-to-end protection controls.

  • Oversee Data Governance / Privacy related regulatory and external engagement initiatives for Cyber & Digital Trust and play a key role in shaping external perceptions of the Bank’s Tech / Data Governance, management, and protection capabilities.


5 years’ experience in technology/IT/security-related positions, including time spent in Cyber Management, Business Analysis, Technology Risk, Design, Development, Security Assurance, Privacy & Data Protection, Digital Assurance, or an applied cyber security role. Ideally, your experience will include time in a consulting or advisory capacity.

You should be able to demonstrate:

  • Five or more years’ industry experience in technology risk management or technology/outsourcing regulation.

  • Experience in completing due diligence requirements for contractual arrangements with third parties in support of e-Banking Systems in Hong Kong.

  • Experience in HKMA, SFC, PCPD, PRA, FCA, and EBA regulations is highly desirable, particularly experience in meeting the requirements of TM-E-1, SA-2, TM-G-1, TM-G-2, PDPO, and GDPR.

  • Educational background in computer science, information security, or law.

  • Ability to understand and overcome the differences in the management of technology risk of an agile bank compared to a traditional bank.

  • Experience in the following areas is important: technology risk management, privacy, and cloud technology.

  • A respectful and balanced attitude towards both risk management and business development.