Company: China Merchants Bank Luxembourg

China Merchants Bank Co., Ltd., founded in 1987, is China’s first joint-stock commercial bank and has been ranked among China’s top commercial banks for many consecutive years. CMB set up a branch that provides commercial banking services in Luxembourg in March 2015; it acts as the gateway and regional headquarters of the CMB group in Continental Europe. As of May 2021, China Merchants Bank Co., Ltd. has a subsidiary, China Merchants Bank (Europe) S.A., in Luxembourg.
- Developing and implementing policies and frameworks for IT security and risk management.
- Monitoring and managing the IT systems to ensure that they are secure.
- Conducting ICT and Cybersecurity Risk Self-Assessment, in line with both EU regulation and HO policies.
- Ensuring that the IT control framework is aligned to the CMB HO framework when relevant.
- Identifying potential regulatory and non-regulatory IT risks through thorough and ongoing risk assessments (such as the possibility of system failure or data loss).
- Assisting in finding practical and cost-effective solutions to identified or revealed security and risk issues.
- Building and maintaining strong and effective working relationships and effective means of communication with other relevant functions such as IT, RM, LC, OP departments.
- Working closely together with internal and external auditors on ICT Risk topics.
- Designing an extensive training program and organizing regular training targeted to different functions within the Bank.
- Implementing a set of Key Risk Indicators (KRIs) and defining metrics to regularly measure control effectiveness.
- Providing regular reporting on the ICT risk exposure, mitigating efforts, key milestones, KRIs, escalation of operational events and breaches.
- Actively engaging in end-to-end risk remediation planning, resolution, and monitoring activities.
- Serving as the point of contact for all ICT Risk Management matters.
- Monitoring key trends in the regulatory environment and best market practices (including implementation of DORA, review of real case studies, following the latest industry best practices).
- Raising awareness: influencing behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise.
- Master's degree (information technology, computer science, information security or a related field).
- At least 6 years of professional working experience in ICT Risk Management or in IT.
- Familiar with applicable banking regulations and how they impact the information technology (IT) department.
- Strong interpersonal skills and the ability to develop effective trustworthy relationships with the IT, RM, LC departments and business stakeholders.
- Staying aware of Information Security current affairs, business continuity, data management, security and encryption, and vulnerability analysis and audit.
- Fluent in English and Chinese. Excellent communication skills, both written and verbal, to be able to articulate complex IT risks in simple business terms.
- Any relevant certification is a plus (CISSP, CISA, CRISC).
- Audit or controls background, Big Four experience a plus.
The preceding description is not designed to be a complete list of all duties and responsibilities.