Technology compliance, licensing, governance setup, massive data storage and related privacy security, virtual asset management, and resilience of the business as usual require heavy technology risk measures safeguard the crown jewels as well as complying to the requirement of the regulators. As a technology risk specialist, you will guide our clients to manage their technology risks, comply with regulatory requirements and strengthen their cybersecurity postures. At EY, you will belong to an international connected team of specialists helping our clients with their most complex information security needs and contributing toward their business resilience. In simple terms, you know how to use your deep technical experience and apply that to a business where we need to battle risk and agility in the financial sector. 

 

Your key responsibilities 

EY consultants are considered by our clients as experts and trusted in what they do. Our technology risk teams focus on providing our consulting services which include: 

• Conduct technology compliance review for institutions in the banking, wealth and asset management and insurance sectors licensed under Hong Kong, the Greater Bay Area and other regions. 
• Analyse client IT environment, identify risks and evaluate controls, including cloud security aspects in accordance with regulatory requirements and industry standards and best practice  
• Act as enabler with clients that desire to move towards compliance status, especially under controls and requirements from the local and regional Regulators 

• Act as a licensing advisor to help clients in financial activity licensing journey from technology risk perspective incooperation with the other EY teams 
• Assess and implement information security management frameworks based on well-known industry standards (e.g. ISO, NIST, COBIT, SANS) 
• Assist the clients to build a holistic governance and incident management framework to effectively respond to and recover from cyber incidents 
• Assess and advise on managing risk from emerging technologies such as blockchain, virtual assets, artificial intelligence/machine learning, big data, etc. 
• Develop and review information security strategy plans in alignment with business requirements using risk-based approach 

• Perform information security awareness training and training program development for clients 
• Conduct vulnerability scanning, penetration test and cyber-attack simulation to assess and improve the effectiveness of controls in place 
• Manage client expectations and program implementation plans attending stakeholders` needs using project management principles 
• Keep up-to-date with the latest security trends and also applicable privacy laws that could have an impact on clients 
• Contributing to the development of the existing technology risk team acting as mentor and coach to the junior members of the team and leading by example  

• Work effectively as a team member, sharing responsibility, providing support, maintaining communication 
• Contributing to the creation of proposals and go-to-market material 

 

Qualifications 

• Bachelor’s degree or masters’ degree preferably in one of the following areas: Information Security, Business Management, Information Systems, Computer Science, Engineering, and other related majors  

• Relevant working experience (Less experience will be considered as junior grades) with hands-on experience on key components of the above-mentioned areas 
• Possession of the following certifications (not limited to): CISA, CISM, CISSP 
• Working towards the following technical certifications (not limited to): CRTP, CRTE, OSCP,GPEN, GXPN, Cloud-related certifications 
• Good computer skills - Word, Excel, PowerPoint, Visio and Chinese processing 
• Excellent written and spoken English and Chinese. Fluency in Mandarin is an advantage 

 

Skills and attributes for success

A Big 4 background or comparable consulting experience is advantageous, although some of our strongest performers come directly from industry therefore candidates with excellent industry experience and demonstrable success managing transformation workstreams and proven experience of conducting cyber discussions at senior management are also encouraged to apply;

A broad background across security is expected with specific experience in 1 or more of the following areas essential;

• Experience in managing and supervising teams of professional employees and mentoring team members through development feedback and performance processes
• Experience in project management, preparing and providing high quality reports, and giving presentations to clients
• Logical thinker with strong interpersonal and organizational skills. Able to interact effectively with both management and clients
• Supervising, coaching, developing and leading teams and individual team members.

 

What we look for

Highly motivated, a good communicator you will need to convey technical content in business language with senior management.  You will also need to be a team player who is not only looking to enhance their own career, but recognize the value in developing others and strengthening the team.

 

What working at EY offers

We offer a competitive compensation package where you will be rewarded based on your performance and recognised for the value you bring to the business. We also offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that is right for you

  

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

Join us in building a better working world.

Apply now.