Asia Information Technology Risk and Security Management Lead Job Listing at J.P. Morgan Chase in Hong Kong

Finance

The ITRSM Risk Governance component involves oversight and IT Risk leadership for all IT Risk staff in the location. The main objective is to establish and drive the IT Risk Framework, monitor compliance via metrics and escalate significant variances to Senior Management. The role will also ensure that local risk management and the local technology groups provide a consistent and effective implementation of control initiatives. The individual will assist the Firm in identifying and monitoring Key Risk Indicators that would allow us to manage technology risks for both new and existing technology. The position will provide Management for all the Hong Kong ITRSM staff based in the location, and will provide coordination activities for all IT Risk initiatives in Hong Kong, ensuring they are in line with the Global, Regional IT risk strategy with consideration of the location Business needs. It will act as a local sponsor for all IT Risk initiatives in the location to ensure firm-wide and regional risk initiatives are understood in Hong Kong. In addition the Lead will establish the local control technology vision and roadmap that aligns with the business needs of the Firm while participating in IT risk governance forums. The individual will also have primary responsibility for Regulatory Relationships with respect to the Technology environment. The individual will manage the Hong Kong IT Risk Committee making sure the meeting is properly attended, topics are relevant and actions are documented and actioned. The individual will also be a member of the regional IT Risk Leadership forum and from time to time will be required to attend and present at the Global Information Technology Risk Leadership Forum. Objectives: ITRSM Governance As a member of the Information Technology Risk and Security Management (ITRSM) function, the candidate will be expected to:

• Support the ITRSM regional head with the development and implementation of the ITRSM Risk Management Strategy.
• Ensure that all pertinent Information Risk and Control regulatory requirements and applicable internal policies are understood by Line of Business (LOB) clients, technologists, and IRM team members, and that these policies are implemented and monitored successfully.
• Drive the IT Risk and Security Agenda for Hong Kong. Includes the chairing of the Hong Kong IT Risk Committee meetings, providing sponsorship for global initiatives and providing regular updates to Hong Kong CCO's and Technology management.
• Provide local management and supervision for ITRSM staff, including LOB IRM leads.
• Active participation in Asia-wide IT Risk Management activities, and to represent Hong Kong on the Asia ITRL.
• Participate in global IT Risk and Security Management activities, and lead specific activities as required.
• Act as the primary contact for JPMC with local regulators, for all IT Risk aspects, and coordinate all responses to any requests, audits or inspections.
• Participate in selective Firm-wide and industry-wide forums and working groups to ensure linkage between the location and any external or internal requirements.
• Drive execution of effective IT/Regulatory compliancy strategy.
• Promote and improve awareness of security threats, laws and regulations, policies and standards.
• Provide IT regulatory interface and coordinate with compliance for the interpretation and implementation of IT Regulations.
• Identify and maintain variances in policies and standards for addressing Hong Kong specific regulatory requirements.
• Reviews proposed Firm wide IT Risk Policies Standards and ensure input of Hong Kong requirements.
• Monitor technology compliance on IT laws and regulations.
• Collaborate with compliance and regional ITRSM for on-going maintenance of regional Technology Compliance Database for Hong Kong IT laws and regulations update.
• Reinforce Information Risk Policies and Standards, and provide risk management support to businesses running in Hong Kong.
• Maintain and track Hong Kong risk posture.
• Manage links to other relevant firm-wide bodies (IT Governance, Audit, Operational Risk, Legal/Compliance, Resiliency Risk Management)
• Maintain relationships with key stakeholders and regulators.
• Provide expertise in current industry trends in information risk and security standards and best practices.