Job ref no.: 494307
Bank of China (Hong Kong) Limited

Technology Risk Management – Manager (Cyber Security)

Bank of China (Hong Kong) Limited

Job No.: 494307
Employment Type: Full time
Departments: Information Technology Department
Job Functions: Information Technology, Risk Management

Roles and Responsibilities:

  • Provide advisory and recommendation from risk perspective.
  • Provide Cyber Security incident response operation and support.
  • Research and evaluate on latest security threats and Cyber Security Intelligence.
  • Assist to establish infrastructure review processes on network and infrastructure operation.
  • Participate in Cyber Security projects for the Design, development and implementation.
  • Participate in Red Team testing.
  • Assist in planning of technology related risk management strategies, processes and work plans.
  • Manage independent penetration test for the corporate infrastructure.
  • Familiar with security testing tools e.g. Fortify, AppScan and Nessus is preferable.
  • Familiar with technologies on Firewall, IDS, IPS, SIEM , DevSecOps and Network/Cloud Infrastructure is preferable.
  • Familiar with industry good practice OWASP is preferable.

Job Requirements:

  • Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
  • Over 2 years of experience in IT security, technology risk, risk management, compliance or IT audit function, gained from other sizable financial institutions
  • Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CRISC is preferable.
  • Sound knowledge of application security, network security or platform security.
  • Good command of written and spoken English with Mandarin is preferable.
  • Good communication and interpersonal skills; and
  • Independent and strong self-initiative.
  • Candidate with less experience will be considered

We offer competitive remuneration package and comprehensive fringe benefits including medical and life insurance, and different types of allowances to the right candidate. Interested parties, please submit your application online. For details, please visit our website

To apply:

Data collected would be used for recruitment purposes only. It might also be disclosed to our subsidiaries or Associated Companies to process the information for appointment. Applicants who do not hear from us within 8 weeks may consider their application unsuccessful and their data will be destroyed within 12 months of receipt.