Job ref no.: 494307
Bank of China (Hong Kong) Limited

Senior / Technology Risk Manager (Cyber Security Control Division)

Bank of China (Hong Kong) Limited

Job No.: 494307
Employment Type: Full time
Departments: Information Technology Department
Job Functions: Information Technology, Risk Management

1. Roles and Responsibilities & Specific Requirements (Application Security):

  • Assist in reviewing IT initiatives and provide advisory from technology risk perspectives
  • Assist to establish and review policies, guidelines, procedures in application security area
  • Provide advisory and practical guidance to support technology risk and information security assessments, include vulnerability scanning, penetration test etc.
  • Conduct regular assessment on application security
  • Familiar with security testing tools e.g. Fortify, AppScan and Nessus, technologies on DevSecOps and industry good practice OWASP is preferable

2. Roles and Responsibilities & Specific Requirements (Cyber Security):

  • Provide Cyber Security incident response operation and support.
  • Experience in OSINT, malware analysis and digital forensics.
  • Research and evaluate on latest security threats and Cyber Threat Intelligence.
  • Participate in Red & Purple Teaming exercises.
  • Familiar with technologies on Firewall, IDS, IPS, SIEM, SOAR and Network/Cloud Infrastructure is preferable.

3. Roles and Responsibilities & Specific Requirements (Platform Security):

  • Research and evaluate latest trend & technologies on information security and fintech area, such as FinTech, Artificial Intelligence, Big Data, Cloud Computing etc
  • Conduct regular assessment on data center security

General Job Requirements:

  • Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
  • Over 2 years of experience in IT security, technology risk, risk management, compliance or IT audit function, gained from other sizable financial institutions
  • Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CRISC is preferable.
  • Familiar with HKMA TM-E-1, PCI-DSS, ISO 2700-series or other security risk management framework is an advantage
  • Good command of written and spoken English with Mandarin is preferable and
  • Good communication and interpersonal skills;

We offer competitive remuneration package and comprehensive fringe benefits including medical and life insurance, and different types of allowances to the right candidate. Interested parties, please submit your application online. For details, please visit our website

To apply:

Data collected would be used for recruitment purposes only. It might also be disclosed to our subsidiaries or Associated Companies to process the information for appointment. Applicants who do not hear from us within 8 weeks may consider their application unsuccessful and their data will be destroyed within 12 months of receipt.