Our client, a well-established financial institution, is currently looking for an experienced Senior Analyst / Assistant Manager, Technology Risk & IT Assurance. The ideal candidate will work closely with the team on security risk assessments and ensure compliance with the security framework.
about the job.
- Perform deep-dive assessments, control testing, and thematic reviews on key technology and cybersecurity controls (e.g., access management, vulnerability management, cloud security, data leakage prevention).
- Review and challenge the 1st Line’s Risk and Control Self-Assessments (RCSAs).
- Provide independent oversight of technology-related projects, new system implementations, and digital initiatives to ensure risks are identified and addressed upfront.
- Review and challenge the 1st Line’s response to security incidents, root cause analyses, and remediation plans.
- Contribute to the development, maintenance, and enhancement of the Technology Risk Management Framework, Information Security Policy, and associated standards.
- Develop and monitor Key Risk Indicators (KRIs) for technology and cyber risk. Prepare clear and concise risk reports for senior management, risk committees, and governance forums.
- Stay updated on the evolving regulatory landscape (e.g., Insurance Authority guidelines on TRM, C-RAF) and assess the company’s compliance posture.
- Perform and review technology risk assessments for third-party vendors and outsourced service providers.
- Serve as a trusted advisor to business units and IT, providing expert guidance on technology risk and security matters.
skills & experiences required.
- Bachelor's degree in Information Systems, Computer Science, Risk Management, or a related field.
- At least 3 years of hands-on experience in Technology Risk, Information Security Assurance, Cybersecurity, or IT Audit.
- Proven experience in a 2nd Line of Defense role is strongly preferred.
- Knowledge of industry-standard frameworks such as ISO 27001.
- Good communication skills, attention to detail, and an analytical mindset.
- One or more relevant professional certifications, such as CISA, CISM, CISSP, or CRISC, is a plus.
- Proficient in both written and spoken English and Chinese.
If you’re interested in this exciting opportunity, please don’t delay and click APPLY NOW. For more information, you can reach out to Wendy Fung at wendy.fung@randstad.com.hk with your resume.