SVP and Head of Technology Risk and Governance
Taipei, Taipei City, TW, 11561
Functional Description
The Head of Technology Risk & Governance is responsible for establishing, embedding, and overseeing the technology risk management and governance framework across HSBC Taiwan. The role ensures technology risks are effectively identified, assessed, managed, and reported in line with regulatory expectations, internal policies, and industry best practices, while supporting secure and resilient technology operations.
- People Responsibility: Y
- Report To: CIO Taiwan
Role Purpose
The role provides second-line oversight of technology risks to safeguard the bank’s information assets and technology services. It ensures regulatory compliance, strong control design, and effective risk governance across the technology landscape. The role also acts as a trusted advisor to Technology and Business leaders on technology risk, resilience, and control matters.
Job Content
- Lead technology risk assessments across applications, infrastructure, cloud, and third-party environments, identifying vulnerabilities, control gaps, and emerging risks.
- Maintain and oversee the technology risk register, including risk ratings, KRIs, mitigation plans, and control effectiveness tracking.
- Provide independent oversight of technology projects and change initiatives, ensuring security-by-design and risk-by-design principles are embedded throughout the lifecycle.
- Interpret and implement local regulatory requirements and industry standards related to technology risk, cybersecurity, data governance, outsourcing, and resilience.
- Manage regulatory inspections, audits, and findings, ensuring clear articulation of risk posture and timely remediation of issues.
- Oversee technology incident, business continuity, and disaster recovery risk management, including regulatory notifications and root cause reviews.
- Govern third-party technology risk, ensuring appropriate due diligence, contractual controls, and ongoing compliance monitoring.
- Produce clear and insightful technology risk reporting for senior management, risk committees, and the Board, highlighting trends, exposures, and emerging threats.
Skills Requirements
- Deep expertise in technology risk management within financial services, including ITGC, application controls, infrastructure, and cloud security.
- Strong knowledge of regulatory frameworks and standards (e.g., MAS TRM, PDPA, ISO 27001, NIST, COBIT, ITIL).
- Proven experience in regulatory engagement, audits, and remediation management.
- Advanced risk assessment, analysis, and reporting skills, including use of KRIs and dashboards.
- Ability to influence and advise senior stakeholders across Technology and Business functions.
- Excellent written and verbal communication skills, with the ability to translate technical risk into business impact.
- Strong leadership, stakeholder management, and collaboration capabilities in a matrixed environment.
- High integrity, professional judgement, and a proactive, continuous-improvement mindset.
License/Qualification Requirement
- Bachelor's degree in Computer Science or a related field.
- Proven experience in a senior IT leadership role with a track record of successfully leading development teams.
- Strong business acumen and the ability to align IT strategies with organizational goals.
- Excellent communication and interpersonal skills.
- Deep understanding of software development methodologies, agile practices, and emerging technologies.
- Strong problem-solving skills and the ability to make strategic decisions.
- Ability to build strong relationships and communicate on complex issues with a wide spectrum of stakeholders.
- Comprehensive understanding of banking products in the context of wider industry trends and direction is preferred.
- A respectful and balanced attitude towards both risk management and business development.
- Ability to motivate teams to produce quality work within tight timeframes while handling multiple tasks.
- Excellent written and verbal language skills in Chinese and English.
- Must be familiar with HSBC IT internal processes and guidelines with a strong emphasis on understanding Taiwan Technology practices.
※ Applicants who pass resume screening will be notified about the interview and next steps. No further notification or message will be sent to applicants who do not qualify or are not selected for the position applied for.