Job Preview

IT Risk Director - AsiaPac

Job Description




The Director, IT Risk Asia-Pacific is responsible for providing IT Risk Management subject matter expertise to the first line of defence operating teams for all businesses operating in AsiaPac.  Responsible for enterprise governance activities including oversight and challenge of the first line of defence execution groups within the business platform, assisting in setting and maintaining policy that aligns with the business framework, facilitating risk appetite development, providing IT Risk performance management and reporting governance, and continuously developing a risk aware culture for all businesses operating in AsiaPac



Strategic Oversight and Challenge:

  • Reporting to the VP, IT Risk Governance, the Director, IT Risk AsiaPac oversee IT risk management practices covering the five domains of IT Risk, provide interpretation and counsel on policies, and challenge existing practices for Enterprise IT Risk within all businesses operating within Asia-Pacific. 
  • Collaborate with Business Aligned IT Risk Directors to provide subject matter expertise to determine appropriate controls and to advise the business on the implementation of controls taking into consideration specific business platform and regional complexities and issues.
  • Provide advice and counsel to platform executives and senior management to enhance their ability to anticipate, identify, manage, and remediate IT risk effectively.
  • Act as the Centre of Expertise for IT Risk best practices managing key business platform executive relationships for all businesses operating in AsiaPac.
  • Utilize in-depth understanding of business platform factors and requirements and the associated impact on IT Risk governance to provide input into strategic development in conjunction with the Business aligned IT Risk Directors
  • Revise and customize policies to meet the requirements of the platform in order to provide assurances of compliance while minimizing adverse impact to business operations.
  • Contribute to and support the execution of IT Risk management programs.
  • Challenge the first line of defence within each business platform to ensure the IT Risk profile is a balanced, comprehensive and transparent reflection compared to risk appetite.
  • Lead the collaborate effort to review IT Risk assessments executed by the business including deep dive assessments, scenario analysis and new product or change initiative assessments.
  • Develop content for quarterly reports to regional business COO and IT Heads operating in region.  The IT Risk profile will include application, infrastructure and third party Risk Indicators.       AUTHORITIES, IMPACT, RISK
  • Regional scope and impact.
  • Interact with senior management levels within Technology, line of business senior executive management, GRM and Centres of Governance as required in all matters relating to IT Risk within the Investor & Treasury Services business platform.
  • Keep apprised and ensure appropriate review of significant and/or confidential risk issues.
  • Significant impact to the organization as this will provide a means by which RBC and its businesses understand and manage their IT Risk in an efficient and effective manner.



  • Reports to VP, IT Risk Governance
  • Regional Management & Executives within each business platform
  • Risk Advisor Peers within Business Platform -  IT Risk Directors, Associate


Directors, IT Risk Domains


  • Second line of Defence Operational Risk
  • Technology & Operations senior and executive management
  • Regional Heads of Operational Risk Management in businesses and functions
  • Enterprise Operational Risk Management team
  • Counterparts in other financial institutions involved in IT Risk Management


  • Represent IT Risk on Program Operating Committees and or steering committee or associated governance/review activities on key business initiatives ensuring that existing and emerging IT Risks for new products, processes and transformational initiatives are identified.
  • Track and consult on IT Risk remediation action items.
  • Liaise with regulators in the regions where the business platform has a presence to ensure up to date knowledge of various regulatory requirements and assist in the response to requests.
  • Work directly with the leadership team of the first line of defence to embed an understanding of the business line IT Risk profile and risk appetite into strategic decision making; challenge executive decision making that contradicts profile and risk appetite.
  • Collaborate with stakeholders including the IT Risk Management CoG, regional Operational Risk Management teams, relevant Centres of Expertise, relevant Operational Risk Centres of Governance, EORM, etc. as required.
  • Ensure dissemination of information on RBC’s IT Risk management practices and programs to foster sound IT Risk management within the platform.
  • Liaise with industry peers to develop insights into leading IT Risk management practices.


Policy and Risk Appetite Management:

  • Provide input into the setting of risk appetite based on regional and platform specific differences and specific considerations.
  • Engage with Domain Leads (subject matter experts) in Information Security, Disaster Recovery & IT Continuity, Infrastructure, Data Governance, Performance & Scalability, and Change Management/ Development Practices to obtain technical domain advice as appropriate.
  • Provide IT Risk policy interpretation to first line of defence and advise them on the development of standards and procedures that align with policy in order to ensure Key Risk Indicators (KRI’s) and Key Performance Indicators (KPI’s) are met.
  • Establish effective monitoring practices to ensure adherence to the IT risk management framework and policy and assist business in the identification of issues.
  • Monitor third party vendor deficiencies and policy exceptions and provide solutions to mitigate risk and remediate control deficiencies.
  • Work with regional advisors to advise and collaborate with IT and the business on appropriate ways to strengthen controls in non-compliant areas.
  • Advise and assist first line of defence in IT Risk mitigation planning activities.
  • Provide expertise and assistance to the platform in the development, implementation and monitoring of the Enterprise Risk appetite by overseeing the business as they write and annually refresh their risk appetite statements.
  • Ensure that the IT Risk Profile is fairly presented through ongoing reporting, and escalate to executive management when the IT Risk Profile is at or near the defined Enterprise Risk Appetite.


Awareness Leadership:

  • Promote IT risk management as an embedded discipline within the region and across business platforms. 
  • Provide guidance to Communication/Training and Awareness teams on platform specific requirements.


Specific Accountabilities – Behavioural:

  • Change Leadership
  • Impact & Influence
  • Achievement Motivation
  • Organizational Awareness
  • Business Acumen
  • Analytical Thinking
  • Relationship Building
  • Conceptual Thinking


Specialist Experience




•           Graduate degree in business or related discipline and/or MBA, CA, or other professional related qualification

•           Extensive experience in the financial services sector

•           Extensive experience in IT Risk/Information Security/Audit

•           Experience in a Technology Delivery (Development, Support)




  • The nature of work requires an independent view from that held by the business, requiring the incumbent to overcome potentially adversarial situations to find mutually acceptable solutions.
  • Office environment, no physical strain, requires attention to detail with occasional periods of heightened stress.
  • Matrix environment with different time zones




50%   Strategic Oversight & Challenge

25%   Policy Management

10%   Risk Appetite Management

10%   People Management

5%     Awareness Leadership



As an employee of RBC, I acknowledge my responsibilities to abide by RBC’s Code of Conduct and all applicable RBC policies, procedures, standards and guidelines. I am also aware of the consequences of non-compliance.




Diversity and Equal Opportunity Employment:
RBC is an equal opportunity employer committed to diversity and inclusion. We are pleased to consider all qualified applicants for employment without regard to race, color, religion, sex, national origin, age, disability, protected veterans status or any other legally-protected factors.


Join Our Talent Community
Want to be in-the-know about great career opportunities at RBC? It's easy! Join our Talent Community and get the inside scoop on jobs, career paths, recruitment events, and more!


Please note that all information in this job description is accurate at the time of posting.  Please be aware that companies may change details and/or closing dates without notice.

Job Summary

Hong Kong
  • Hong Kong
  • Finance
Job Type
  • Negotiable
10 December 2014
Applications Deadline
24 January 2015

Follow our link

Latest Tweets