Technology Risk Senior Consultant/Manager

We are seeking an experienced and driven Technology Risk Senior Consultant/Manager to join our client's team in Hong Kong. You will play a key role in delivering advisory services to financial institutions, focusing on cybersecurity risk, regulatory compliance, and governance. This role offers the opportunity to work with high-level stakeholders and participate in both local and international engagements.

Key Responsibilities:

• Conduct and lead regulatory compliance assessments for global and local financial institutions in addressing varying regulatory requirements.
• Provide strategic advice in designing and implementing governance, risk management, and cybersecurity solutions to combat emerging cyber threats.
• Establish technology cyber risk and cybersecurity governance frameworks, including strategy, organisational structure, processes, and policies.
• Engage with C-level executives, senior management, and frontline professionals to develop and deliver client solutions.
• Collaborate with security vendors, cloud providers, and internal teams to develop and deliver complex security engagements.
• Support the business development cycle by identifying opportunities, responding to RFPs, and preparing client presentations.
• Coach and mentor junior team members, deliver internal training, and provide constructive feedback.

Requirements:

• Bachelor’s degree or above in Computer Science, ICT, Information Systems, Risk Management, or related disciplines.
• Holders of professional certifications such as CISA, CISM, CISSP, or CCSP are required.
• Experience in first line of defence cybersecurity roles within the financial sector will be advantageous.
• Strong knowledge in cloud platforms, system architecture, and security for e-banking, core banking systems, as well as OS (UNIX, Linux, Windows, AS/400), databases (Oracle, SQL Server, Sybase), and network devices (routers, firewalls, etc.).
• Minimum 5 years of experience in at least three of the following areas:
• HKMA regulatory compliance (e.g. TM-G-1, TM-E-1, Outsourcing SA-2, iCAST, GL20).
• Security assessments using frameworks like NIST-800, ISO27002.
• SWIFT CSCF assessments.
• Cloud security assessments on SaaS platforms (e.g. Bloomberg, Microsoft 365, Salesforce).
• Cloud hosting security assessments (AWS, Azure, GCP, Alicloud).

Familiarity with business and operational workflows in at least three of the following:

Retail banking internet/mobile operations.

Internet/mobile security trading workflows.

Financial asset trading and clearing for products like bonds and ETFs.

Life insurance mobile/internet operations.

Excellent communication, consultation and report writing skills in English and Cantonese; Mandarin is an advantage.

Proven ability in managing proposals, building long-term client relationships, and delivering exceptional client service.

Experience in leading and motivating a team to achieve high performance.