FSO - Consulting - Business Consulting - Technology Risk - Senior/Staff Associate - Hong Kong
Technology compliance, licensing, governance setup, massive data storage and related privacy security, virtual asset management, and resilience of the business require rigorous technology risk measures to safeguard the crown jewels and comply with regulatory requirements. As a technology risk specialist, you will guide clients to manage technology risks, comply with regulatory requirements and strengthen cybersecurity postures. At EY, you will belong to an international connected team of specialists helping clients with their most complex information security needs and contributing toward their business resilience. You will apply your technical skills to support businesses to identify and manage risks while enhancing their agility.
Your key responsibilities
The technology risk team focuses on providing clients with consulting services which include:
- Conduct technology compliance review for institutions in the banking, wealth and asset management and insurance sectors licensed under Hong Kong, the Greater Bay Area and other regions
- Analyze IT environment, identify risks and evaluate controls, including cloud security aspects in accordance with regulatory requirements and industry standards and best practice
- Act as an enabler to help clients with their compliance needs, especially under controls and requirements from the local and regional regulators
- Act as a licensing advisor to support clients on their financial activity licensing journey from the technology risk perspective in cooperation with other EY teams
- Assess and implement information security management frameworks based on well-known industry standards (e.g., ISO, NIST, COBIT, SANS)
- Assist clients in building a holistic governance and incident management framework to effectively respond to and recover from cyber incidents
- Assess and advise on managing risk from emerging technologies such as blockchain, virtual assets, artificial intelligence, machine learning and big data
- Develop and review information security strategy plans in alignment with business requirements using risk-based approach
- Perform information security awareness training and training program development for clients
- Conduct vulnerability scanning, penetration test and cyber-attack simulation to assess and improve the effectiveness of controls in place
- Manage client expectations and program implementation plans attending to stakeholders’ needs using project management principles
- Keep up-to-date with the latest security trends and privacy laws that could have an impact on clients
- Provide IT risk assurance service to clients by quality, independent audits of financial systems to maintain the integrity of the financial information
- Contribute to the development of the technology risk team acting as a mentor and coach to the junior members of the team and leading by example
- Work effectively as a team member, sharing responsibility, providing support and maintaining communication
- Assist senior members of the team in the project management of client engagements
- Contribute to the creation of proposals and go-to-market materials
Qualifications
- Bachelor’s degree or masters’ degree preferably in one of the following areas: Information Security, Business Management, Information Systems, Computer Science, Engineering, and other related majors
- 2-5 years of relevant working experience, with hands-on experience in key components of the above-mentioned areas. Applicants with less experience or university graduates will be considered for junior position
- Possession of the following certifications (including but not limited to): CISA, CISM, CISSP
- Working toward the following technical certifications (including but not limited to): CRTP, CRTE, OSCP, GPEN, GXPN, Cloud-related certifications
- Good computer skills in Word, Excel, PowerPoint, Visio and Chinese processing
- Knowledge of SQL, Python or other programing languages would be considered as an advantage
- Excellent written and spoken English and Chinese. Fluency in Mandarin is an advantage
What we look for
As a highly motivated individual and a good communicator, you will need to convey technical content in business language with senior management. You will also need to be a team player who is not only looking to enhance career growth, but also recognizes the value of developing others and strengthening the team.
We offer a competitive compensation package where you will be rewarded based on your performance and recognized for the value you bring to the business. We also offer:
- Support, coaching and feedback from some of the most engaging colleagues around
- Opportunities to develop new skills and progress your career
- The freedom and flexibility to handle your role in a way that is right for you