China CITIC Bank International Limited - Hong Kong


  • Build and reinforce IT governance and compliance monitoring, segregated from IT operations and implementation, to uphold technology standards and ensure compatibility with new technology;
  • Enhance compliance monitoring to minimize potential risk, performance issues and other audit issues, in line with the expectations of the Bank and the regulators.



  • Strengthen the first line of defense to improve oversight of technology risk and support the rapid Fintech development and transformation initiatives.
  • Maintain and uphold the risk governance and management framework.
  • Assist in developing and maintaining the Information Security Policy and Cyber Security Strategy, together with the associated standards and guidance, in line with regulatory requirements and industry standards.
  • Organize and plan the corresponding actions to align with the HKMA’s Cybersecurity Fortification Initiative (CFI), including, but not limited to, conducting risk and maturity assessments, adopting the cyber intelligence sharing platform, and professional development.
  • Ensure IT practices and controls are adequately developed to address information leakage risk.
  • Provide advice on the adoption of emerging technologies, including services and products.
  • Organize bank-wide security awareness programs and the necessary training to promote the Bank’s security culture.
  • Coordinate and respond to cybersecurity-related audit issues to satisfy compliance requirements.
  • Assist with key risk indicator (KRI) reporting and review indicators when requested; support the preparation of materials for committee meetings.


  • Perform risk assessments to ensure oversight of technology risk across the IT infrastructure and security domains.
  • Evaluate technology deviations and liaise with IT teams on the implementation process.
  • Liaise with external third parties to conduct independent assessments.


  • Perform gap analysis against the HKMA Cyber Resilience Assessment Framework (C-RAF) and associated guidance.
  • Provide input to the Planning and Control team for inspections and examinations by regulators, internal audit and external auditors; handle information requests and follow up on IT-related recommendations.


  • Degree holder in Information Technology or related discipline.
  • Minimum 9 years’ experience in IT and/or Information Security/Technology Risk Management, including 3 years in people management.
  • Holds a Core or Professional level qualification as a Relevant Practitioner under the HKMA Enhanced Competency Framework (ECF) on Cybersecurity.
  • CISSP, CISA, CISM or another recognized certification is a must.
  • ITIL/PMP certification is preferred.
  • CEH, GIAC or CCNP certification would be an added advantage.