HSBC Building, Tower 2, Taikoo Hui, Tianhe District
Principal Accountabilities: Key activities and decision-making areas
Impact on the Business
1. Lead a team of AVPs, Managers and Management Analysts in executing the CA assessment plan, ensuring the accurate, efficient, and timely completion of independent control assessments for TCSD risks and associated controls.
2. Oversee the quality of work delivered by the CA team and ensure compliance with CA and RCAS templates, procedures, and quality requirements.
3. Understand and document the remit, process composition and team handovers of relevant controls.
4. Proactively monitor the portfolio of assigned and relevant risks to identify key emerging trends and themes to inform the CA assessment plan and the continuous development of CA & RCAS methodology and procedures.
5. Evaluate and manage the allocation of resources on an ongoing basis to ensure completion of assigned control assessments.
Customers / Stakeholders
1. Build strong professional relationships with all internal stakeholders, adopting a joined-up approach to the execution of tasks with minimum conflict, while ensuring the independence of CA.
2. Develop and maintain positive and professional relationships with key external stakeholders, where required.
3. Ensure that executive and senior management in the business, functions and Compliance are advised of matters arising, and emerging trends, from assurance reviews and analysis.
4. Provide stakeholders with insight into CA activities.
5. Liaise with both First Line CCO teams and Internal Audit in line with the Integrated Assurance Framework to ensure that assurance activities and plans take full consideration of First and Third Line Assurance and inform audit activity.
Operating Effectiveness & Control
1. Contribute to the development of CA procedures and templates, in collaboration with Controls Assurance Coordinator (CAC), Professional Practices (PP), Automation and Analytics and relevant SMEs, ensuring high operating standards within the division.
2. Drive high operational standards within the team and avoid high-risk findings from Internal Audit or other internal / external Assurance teams.
3. Be innovative in executing all responsibilities and providing solutions to complex issues in a dynamic, high-risk environment. Support the Head of CA in meeting the requirements of the sub-division.
Major Challenges
1. Bank expectations for ever more insightful, efficient, and cost-effective assurance, requiring an innovative mindset. Understanding the expectations of the regulators, external bodies and governmental initiatives and the Group's shareholders and customers, as well as the complexity of financial services regulation and the diversity of business and geographies within the Group as a whole, and taking these into account when configuring test scripts.
2. The importance of risk management, and consequence of ineffective risk management, continues to be heightened via regulatory and media focus.
3. Determine innovative ways of testing controls in a precise and efficient manner, harnessing analysis of data where possible.
4. Delivering assurance in an insightful, considerate, commercially minded yet independent manner that meets business needs.
5. Applying assurance in an environment of increasing commercial and regulatory change.
Role Context
The role holder will require specialism in managing and / or assuring TCSD risks and controls, across the following activities (with specialism in many being advantageous).
• IT Asset & Inventory Management
• Architecture Management
• Change Management
• Deployment Management
• System Data Integrity
• Software Development Lifecycle
• Security Awareness & Training
• IT Protective Security Technology
• Network Resilience
• Network Security
1. Minimum of 5 years' proven experience in Assurance, Testing, Audit, or consulting roles for IT / Cyber / Data, in either a second or third line of defence capacity.
2. Experience in auditing / testing operating systems, databases, networks, security systems, cloud services and other general controls; Change Management, Incident Management, Recovery Management and SDLC.
3. Experience in IT control frameworks (COBIT, NIST CSF, ISO 27001, ITIL). Ability to lead and individually contribute to assurance reviews to measure the bank's technology and cybersecurity controls against these framework requirements as applicable.
4. Minimum Bachelor's degree in related field and/or professional certifications related to Technology / Cybersecurity Risk (e.g., CRISC, CGEIT, CISA, CISM, CISSP).
5. Proven organisational, planning, interpersonal, managerial, analytical, problem-solving, decision-making, and team building skills.
6. Ability to exercise discretion, work independently within broad guidelines, tactfully handle sensitive and confidential data, and complete assignments in a timely manner with a professionally inquisitive, adaptable and innovative mindset.
7. Ability to manage conflicting priorities effectively and proven ability to meet challenging deadlines.
8. Experience working with local and regional stakeholders and an understanding of global standards of quality and the ability to work with different cultural groups and build consensus and rapport.
9. Experience utilising data analytics tools and techniques (desirable).
10. Requires understanding of the changing regulatory landscape regarding TCSD functions within the banking industry.
11. Fluent in both oral and written English.
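Benefits
- Competitive compensation: base salary + performance bonus + shift allowance + transport allowance for early and late shifts;
- Comprehensive benefits coverage: the five statutory social insurances and housing fund + supplementary commercial medical insurance + free annual health check;
- 10+ days of leave: in addition to national statutory holidays, you also have at least 10 days of paid annual leave, 12 days of paid sick leave, 1 day of birthday leave, marriage leave, prenatal check-up leave, maternity leave, paternity leave, nursing leave and more, helping you achieve work-life balance;
- Flexible benefits scheme: annual leave can be bought and sold, commercial medical insurance packages can be upgraded, and you can also apply for travel subsidies, personal further-education subsidies, sports and fitness subsidies and more, to meet individual benefit needs;
- People-friendly work environment: use of the company's staff canteen, coffee room, lounge, recreation room and other facilities, to balance work and rest;
- Diverse employee activities: sports days, team building, the annual party and other events give you a platform to show your talents.
Training and Development
- A broad career development platform: a Group network spanning the globe provides opportunities to expand your connections and for cross-cultural exchange, and you can also apply for long-term and short-term positions in different countries and regions to keep challenging yourself;
- Systematic talent cultivation and development: a career mentor is assigned to give you clear career-planning guidance and fully develop your horizontal and vertical growth potential;
- A complete professional training system: paid training from the day you join, diverse training opportunities, plus resources and educational assistance to help you achieve your career goals step by step.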