Plan and conduct security assessments of third-party vendors, focusing on compliance with regulations, company policies, and internal controls.
Provide dedicated support to information security risk management processes for onboarding and off-boarding of third-party vendor relationships.
Communicate with business units and cross-functional teams regarding third-party vendor risk issues and/or control gaps, and recommend remediation initiatives.
Support development and maintenance of the third-party vendor inventory. Act as a subject matter expert to assist business units and cross-functional teams in identifying and mitigating risks in third-party vendor relationships.
Provide awareness by conducting training on the third-party vendor risk management framework.
Stay informed about the latest developments in the third-party vendor risk management field.
Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
Over 3 years of experience in IT security, technology risk, risk management, system development management, compliance or IT audit function, gained from other sizable financial institutions.
Demonstrated experience working with the regulators and external auditor.
Holding at least one recognized professional qualification under the HKMA enhanced competency framework, such as CISA, CISSP, or CRISC, is preferable.
Good command of written and spoken English and Mandarin is preferable.