Step into the role of Tech Risk Engagement Lead and lead the forefront of technological innovation and security. This pivotal position offers the unique opportunity to influence and shape our approach to cyber threats and compliance, balancing progressive digital transformation with robust risk management. Your leadership will be instrumental in navigating the complexities of technology risks, setting the standard for a resilient and forward-thinking tech environment.

As a Technology Risk Engagement Manager in Cybersecurity & Tech Controls, you will expertly navigate the dynamic landscape of APAC regulatory expectations of cybersecurity and technology controls and related advancements. Independently leading the full lifecycle of regulatory engagements, you will collaborate with internal and external stakeholders to proactively identify and evaluate the Firm’s Cybersecurity and Technology controls, develop strategic and consistent regulatory responses in alignment with the Firm’s risk management strategies, and help support the Firm’s robust risk management framework. Your role is pivotal in uplifting compliance with industry standards and best practices, and leveraging your expertise to provide senior management with insights and recommendations within the Firm's risk appetite. You will have the opportunity to engage in cross-functional efforts, and influence decision-making across the Firm. Your expertise will help shape the Firm's approach to Cybersecurity and Technology Controls, and help foster a secure, compliant and strong risk culture environment.

Job responsibilities

• Independently lead and manage APAC cybersecurity and technology regulatory engagement activities, including inspections, audits etc., and ensuring regulatory responses are delivered timely, and are consistent, accurate, and have robust traceability to support review and challenges from any parties including senior management, 2LOD, 3LOD or regulators.
• Proactively identify, assess and manage cybersecurity and technology risks within the Firm’s 1LOD framework, ensuring that identified issues are raised promptly, and remediation approaches are realistic and sustainable.
• Partner with global 1LOD risk and control functions, cybersecurity and technology teams to conduct risk reviews and/ or control assessments, ensuring compliance with APAC regulatory requirements and alignment with the Firm’s policies, standard and procedures.
• Continuously evaluation of opportunities for further efficiency and/or effective improvements to enhance the Firm’s cybersecurity and technology 1LOD regulatory, risk and control framework and related processes to operate at scale.
• Prepare and deliver risk reports and governance materials with actionable insights for a variety of senior management forums and committees.
• Contribute and/or lead transformation opportunities in regulatory engagement and 1LOD control management through innovation including artificial intelligence.
• Serve as a subject matter expert on APAC related Cybersecurity and Technology regulations to help support senior management decision making and global colleagues related to regulatory expectations, requirements and emerging themes.

Required qualifications, capabilities, and skills

• Bachelor’s Degree in Computer Science, Cybersecurity, Data Science, or related disciplines
• At least 5 years of experience or equivalent expertise in technology and/or cybersecurity risk and control management, with a focus on regulatory compliance in the financial services industry
• Strong knowledge and practical experiences of a variety of APAC regulations (e.g. MAS, HKMA, NFRA, RBI, APRA, etc.) is a must
• Excellent written and verbal communication skills, with the ability to deliver complex and/or challenging topics suitable for senior management, audit and regulators
• Proven ability to navigate and collaborate in a large organization.
• Strong analytical skillset, with a keen interest in leveraging innovative technologies such as Artificial Intelligence to support 1LOD risk and control management
• Good understanding of industry risk frameworks (COBIT, UCF, CRI Profile, etc.)