China Construction Bank (Asia) Corporation Limited

VP/AVP - Information Security Risk Management

China Construction Bank (Asia) Corporation Limited

Job Highlights

  • Degree holder in Information Technology
  • Minimum 5 years of relevant experience
  • Experience in technology risk management

Main Responsibilities

  • Implement systems security polices, perform IT security administration, control, review, and support regular security profile review
  • Manage the technology risk management processes to identify emerging or existing technology-related risks including but not limited to measure the impact, likelihood and direction of technology-related risks, regularly monitor any technology-related issues or incidents and control the risks through preventive, compensating and contingency measures
  • Establish and enforces standard of process related to Technology Risk Management
  • Manage the IT security function to ensure strict adherence to the corporate security control requirements, establishes corporate security policies / standards / baselines and departmental procedures, oversee security administration and control, and conducts regular security profile review
  • Manage and monitor project progress to ensure consistency and uniformity from Information Security Risk perspective
  • Manage cyber security risk and perform investigation of any technology-related frauds and incidents
  • Support internal / external / regulatory audit review and conduct service provider review
  • Ensure awareness of and compliance with IT control policies, corporate standards and regulatory requirements
  • Review security matrix e.g. toxic combination and configuration review
  • On-call standby support is required during non-office hours


  • Degree holder in Information Technology or related discipline
  • Minimum 5 years of relevant experience in Technology Risk or Information Security Risk domain, preferably gained from banking / finance industry
  • Experience in technology risk management and IT compliance is an advantage
  • Strong understanding of Information Technology Risk Management
  • Sound knowledge of database, operating systems and information security practices
  • Customer-oriented, good communication and interpersonal skills
  • Holder of ECF-C recognized certification at professional level is required
  • Able to work under pressure and willing to work overtime
  • Strong problem-solving skill and analytical mind set
  • Good command of written and spoken English and Mandarin

Applicants who are not contacted within 8 weeks may consider their applications unsuccessful and their personal data will be retained by the bank for a period up to two years.

All information provided by applicants will be used for recruitment purposes only and will be used strictly in accordance with the bank’s personal data policies, a copy of which will be provided upon request.