Job ref no.: CT3119652-01#0567

Technology Risk Manager

Robert Walters

Our clinet is a leading international bank.

Risk Governance
Ensure that the Functional Head of Technology, as well as relevant staff understand and accept their operational risk management responsibilities.
Support training initiatives from Group OR, wherever required, and when time permits.
Ensure Technology Unit Operational Risk Managers (UORM) are effective in identifying, monitoring, managing, remediating, and escalating risks and issues

Risk Appetite
Periodically assess the country operational risk profile to maintain alignment with the country risk appetite.
Review and challenge country strategy where this is not aligned with the country risk appetite.
Maintain operational risk capability and a control environment which is in line with the operational risk.
Assess periodically the operational risk profile for Technology and maintain alignment with risk appetite by rebalancing controls that may be required in response to internal and external factors.

Risk Control Ownership of Operational Risk
Ensure the functional head and process owners within Technology understand and accept their risk management responsibilities.
Challenge the completeness of risk identification, monitoring and assessment of the corresponding control activities required within the end to end processes to identify and follow through the remediation by the 1st line Technology of any significant deficiencies.
Ensure compliance with operational risk policies & procedures.
Risk identification and Assessment
Validate and challenge the 1st line Technology risk identification and assessment of gross and residual risks arising within the end to end processes.
Assess the control environment including, but not limited to, control design, control execution, control testing and control history.
Recommend changes to the control environment or to business practice where necessary to reduce the level of operational risk exposure to within the agreed appetite. Ensure such changes are agreed with global process owners and global OR Officer for that function prior to in country implementation.
Review the design of effective process controls by the 1st line Technology to manage all material risks linked to the process control failure - regularly assess existing local key control standards (LKCS), key risk indicators (KRI) and key control indicators (KCI) to ensure cost effectiveness, efficiency, and relevance.
Provide a balanced and informed assessment of all operational risks arising from acquisitions or major change initiatives or projects within the country.
Risk Acceptance
Review risk record templates for acceptance of medium, high and very high-country level risks.
Challenge relevant function’s activities where risks are not aligned with control requirements or risk appetite.
Risk Monitoring
Ensure residual risk assessments are performed at appropriate frequency by the 1st line Technology and reviewed and approved by the 2nd line SORO. This includes ensuring completeness, accuracy and timeliness
Periodically review operational risk assessments to ensure these appropriately reflect changes environment, mitigating controls and the progress of treatment plans.
Systematically monitor process control effectiveness where there are material risks of process control failure.
Conduct periodic assurance over process, control and risk metrics for completeness, accuracy and timeliness, of KRIs and KCIs. Ensure any issues identified are remediated in a timely manner
Review and update annual key control testing plans.
Risk Management
Identify root cause of control defects highlighted during control testing and ensure there are appropriate plans in place owned by the 1st line Technology to remediate.

Risk & Loss Reporting
Ensure that risks requiring acceptance as escalated as per the policy for operational risk assessment and acceptance.
Report and escalate the Significant Operational Risk Events (SORE).
Ensure the 1st line Technology provides Root Cause Analysis (RCA) / Root Cause Review (RCR) reports for relevant risk events.
Provide risk information / updates to the Country Operational Risk Committee (CORC).

Stress testing
Conduct, at least annually and with guidance from group specialists, a stress test and scenario programme for operational risk [as part of ICAAP], review the results and assess their implications.
Ensure that operational losses, near misses and audit fails are escalated to the group function in a timely fashion.
Contribute relevant scenarios to perform stress testing relevant to the business/function, review the results and assess their implications.

Strategy & Planning
Inform the development of country business plans, exercising appropriate focus on the implementation of robust operating environments, within risk appetite, to support business aspirations.


Regulatory & Business Conduct
Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the bank.


Knowledge and Skills
An in-depth understanding of the technology risk/control environment
Operational risk management experience
A clear understanding of the Bank’s approach to the management of operational risk, or equivalent experience gained in other organisations.
Ability to leverage resources across the organisation to complete deliverables.
Sound judgement and courage necessary to perform a control role and maintain effective working relationships.
The following Professional Level certificates are recognised under the ECF-C, HKMA (at least 1 certificate is required).
CSX Specialist Certificate (CSX-S)
CSX Expert Certificate (CSX-E)
ISACA Certified Information Systems Auditor (CISA)
ISACA Certified Information Security Manager (CISM)
ISACA Certified in Risk and Information Systems Control (CRISC)
ISACA Certified in the Governance of Enterprise IT (CGEIT)
ISC2 Certified Information Systems Security Professional (CISSP)
ISC2 Certified Cloud Security Professional (CCSP) professional (CCSP)

Interested parties please click Apply Now to apply job.

All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.