Regional Corporate Technology IT Risk Manager Job Listing at J.P. Morgan Chase in Hong Kong

Finance

The focus of this role is to ensure successful delivery of a comprehensive IT Risk program for Corporate Technology throughout Asia Pacific. Develop strategies to meet Corporate IT Control policy requirements, and/or defines new policies to satisfy changing business requirements. Assess plans and / or architects control initiatives aligned to mitigate specific Line Of Business (LOB) or firm-wide IT risk. Audits and/or consults on information risk management practices to various constituents within a LOB or across the firm, as well as externally, including regulatory bodies. TheCT IT Risk Manager (IRM) is responsible for the successful delivery of comprehensive IT Risk program. Understand the technology risks and associated controls for specific business units. Communicate the technology related policies and standards and how they should be applied within the business units to ensure risk is managed to an acceptable level and compliance achieved where it represents a significant risk to the business. Proactively identify potential risk exposures within new technology solutions being designed and implemented, and partner with application development (AD) teams and Corporate Security groups to implement appropriate solution to mitigate exposure. Identify areas of unmanaged technology / business risk within the current environment and institute the appropriate controls practices to mitigate exposure. Responsibilities include : Defines and implements a high-quality IT Risk Management program to ensure that theCT business and technology groups operate with a known and acceptable level of risk. Provides IT risk management consulting toCT systems, business, technical, functional and operations groups. Identifies potential information security risks/threats and notifies senior management; actively participates inCT Risk Committee and other risk forums. Establishes working relationships with technical, business and quality assurance counterparts. Collaborates withCT Risk Management, internal and external Audit, and Regulatory bodies to effectively manage and mitigate risk issues. EnsureCT compliance with the firm's IT Risk Management Policies and Standards. Provides subject-matter expertise on applicable government regulation. Promotes awareness programs designed to ensure thatCT business management and Technology staff understand current information risks/threats and how these are to be managed. Advises Technology Development staff regarding firm's 'Secure from the Start' program, including how the necessary risk control processes interface with the Project Delivery Framework. Provides IRM support to majorCT Technology projects. Acts as a subject matter expert in information risk, controls, compliance and security best practices. Manages risk and vulnerability assessments ofCT systems and applications, facilitates compliance/control reviews and associated remediation efforts. Develops effective solutions for the management of information security risk issues, e.g. controls compliance and gap remediation (Enterprise Security Management, Security Event monitoring, etc). OverseesCT Technology Control Self-Assessment, ensuring that control issues/gaps are clearly documented, that detailed remediation plans are developed to address these issues and that the risk acceptance is used appropriately. Contributes to continuous LOB process improvement through risk identification and mitigation.