As a Senior Technology Risk Manager, you will be entrusted with significant responsibility for safeguarding the organisation’s digital assets. Your day-to-day activities will involve collaboration with departments to develop policies that address current and future risks. You will lead efforts in conducting assessments across diverse technology environments and play a central role in orchestrating incident response operations.
What you'll do:
• Formulate, review, and manage comprehensive cyber security policies, standards, and procedures to ensure organisational compliance with internal and external requirements.
• Assist in planning technology-related risk management strategies by developing processes and work plans that address evolving cyber threats.
• Participate actively in the design, development, and implementation phases of key cyber security projects to enhance overall protection measures.
• Plan and conduct thorough cyber security assessments and IT risk evaluations covering areas such as IT general controls, information asset management, access controls, and cloud/server/endpoint/network/middleware security reviews.
• Support the execution of security initiatives to maintain compliance with corporate information security policies as well as local and international compliance standards.
• Organise and conduct penetration tests, red/blue/purple teaming exercises, vulnerability assessments, and validation controls for both local and overseas entities to identify potential risks.
• Provide operational support for cyber security incident response activities by collaborating closely with local and regional Security Operations Centre (SOC) teams to improve daily monitoring, analysis, investigation, and response protocols.
• Coordinate cross-country cyber incident response drills to ensure preparedness for large-scale or complex incidents affecting multiple jurisdictions.
• Serve as a subject matter expert by supporting business units and cross-functional teams in identifying cybersecurity risks, discussing control gaps, and proposing effective remediation strategies.
• Research the latest developments in cyber threats and threat intelligence to keep the organisation informed about new risks while evaluating innovative solutions.
What you bring:
• A degree in Computer Science, Information Systems or a related discipline provides you with a strong technical foundation essential for this role.
• 5+ years’ experience in IT security, technology risk management, compliance or IT audit functions gained within sizable financial institutions ensures you are familiar with industry challenges. (Multiple headcounts are available for junior to senior candidates.)
• Possession of at least one recognised professional qualification under HKMA enhanced competency framework such as CISA, CISSP or CISM demonstrates your commitment to professional excellence.
• Additional industry-recognised certifications such as OSCP/OSCE/OSWE/OSEE/GXPN/GPEN/GCPN/GCIH/GSOC/GCFA/OSDA/CCIE/CCNP are highly desirable for candidates aiming to stand out.
• Familiarity with regulatory frameworks including HKMA TM-E-1/TM-C-1/TM-G-1/C-RAF/PCI-DSS/ISO 27001/PDPO/NIST/MITRE ATT&CK/OWASP is advantageous for navigating compliance landscapes.
• Hands-on experience with technologies such as Firewall, IDS/IPS/WAF/DNS Security/Email Security/SIEM/SOAR/DLP/UEBA/BAS/XDR/Deception/Generative AI/Machine Learning/Application of AI/ML/LLM/MCP/RAG libraries in Python is preferable for addressing modern threats.
• Proven track record coordinating cross-country cyber incident response drills highlights your ability to manage complex scenarios involving multiple stakeholders.
• Experience managing SOC operations including offensive security/container security/CSPM/threat hunting/OSINT/dark web monitoring/malware analysis/secops/digital forensics/attack surface management/cloud/on-premises anti-DDoS solution/threat modeling/supply chain cybersecurity/vulnerability management is highly valued.
• Excellent command of written and spoken English is required; proficiency in Mandarin is considered an advantage for effective communication across regions.
What sets this company apart:
This institution stands out due to its unwavering commitment to technological advancement paired with a deep-rooted culture of collaboration. Employees benefit from extensive training opportunities designed to foster both personal growth and professional development. The organisation’s inclusive approach ensures that every team member’s voice is heard—encouraging open dialogue around new ideas while supporting flexible working arrangements when possible. With access to state-of-the-art tools and resources—including advanced AI-powered solutions—you’ll have everything needed to stay ahead of industry trends. The company’s regional presence means you’ll gain valuable exposure through cross-border projects while contributing meaningfully towards building safer digital ecosystems throughout Asia Pacific. If you are looking for an environment where your contributions are valued and your career can flourish alongside knowledgeable colleagues who share your passion for cyber security excellence, this is the place for you.
What's next:
If you are ready to take on this rewarding challenge where your expertise can make a real difference in protecting critical assets on a global scale, we encourage you to apply now!
Apply today by clicking on the link provided – seize this opportunity to advance your career within one of Hong Kong’s most respected financial institutions.