• Co-ordinate, drive and direct effective compliance with Group IT Security policies, standards and regulatory guidelines.
• Implement and support Group and regulatory IT compliance exercises and compile IT compliance reports (e.g. CBRC offsite monitoring reporting, Cyber Security Law, Safety Control, etc.).
• Understand regulatory requirements, conduct analysis to identify gaps and provide support to fulfil regulatory requirements in technology risk management and security controls.
• In accordance with the Group ORTP and security governance framework, co-ordinate and implement related activities, such as conducting inherent risk assessments to identify risk and performing effective controls to minimize/mitigate the risks associated with IT.
• Co-ordinate and support internal/external audits and regulatory inspections for IT-related activities. Follow up on IT audit issues and ensure the audit recommendations are implemented within the specified timeline.
• Review and evaluate the strengths and weaknesses of the controls of IT systems/projects and recommend effective control measures to ensure compliance with the Group IT security policies.
• Review security logs to identify possible security breaches/exposures and follow up on security access violations.
• Support the planning, development and execution of security policies and procedures to provide proper authentication, authorization, access and auditing of data and information assets.
• Work collaboratively with Group and technology teams across functional boundaries to support IT security related projects and initiatives.
• Perform security risk assessments on IT systems and projects to identify risks, potential threats, business impacts and relevant IT security controls.
• Drive effective communication with users, peers and management to promote IT security related policies, processes and procedures and regulatory requirements.