Compliance and Operational Risk Technology Testing Specialist - Associate

As a Compliance and Operational Risk Technology Testing Specialist within the Testing Center of Excellence in China, you will shape the risk-based testing strategy on technology controls across business lines, and own end-to-end planning and execution of technology compliance and operational risk testing. In this role, you will operate in the first line of defence, leading risk-based technology control testing across critical platforms and services to ensure controls are well-designed and operating effectively. You will partner closely with Technology, Cybersecurity, Risk, Compliance, and business stakeholders. You will utilize advanced analytical thinking, sound judgment, and strong stakeholder management to influence outcomes, communicate results to senior leaders and regulators, and continuously enhance our testing methodology.

• Lead the development and execution of a risk-based operational risk and compliance testing plan covering core technology controls across various technology governance, risk and control domains, e.g. identity and access management, privileged access, change and release management, SDLC, infrastructure operations, disaster recovery, configuration management, vulnerability and patch management, asset management, network and endpoint security, logging and monitoring, and cloud services.
• Scope and plan testing engagements: perform walkthroughs, define test scripts and sampling, identify control points and dependencies, and align scope with risk assessments and regulatory obligations.
• Evaluate control design and operating effectiveness and determine results with clear, supportable conclusions, identify control coverage gaps and recommend pragmatic enhancements.
• Document high-quality process flows, control narratives, test plans, and evidence packages.
• Raise issues with well-defined risk statements, root cause analysis, and actionable, time-bound remediation plans.
• Produce timely, accurate testing reports and metrics for governance forums. Present interim observations and final results to technology and business leaders.

• Bachelor's degree in Technology or related field.
• Business level proficiency in Chinese(Mandarin) and English, both written and verbal.
• At least 7 years' experience in technology control testing or technology audit, or in technology risk and control management within complex, regulated environments.
• Business level proficiency in Chinese (Mandarin) and English, both written and verbal.
• Professional certifications such as CISA, CISSP, CISM, CRISC, CCSP, or equivalent technology credentials.
• Strong understanding of technology governance, risk and control concepts, with proven ability to assess both control design and operating effectiveness in an integrated business-technology context.
• Knowledge across core Technology and Cyber domains, such as architecture, identity and access management, vulnerability management, cloud security, application security, data protection, and incident management.
• Understanding of emerging technologies and related risks.
• Proficiency with productivity and collaboration tools (Excel, Word, PowerPoint) and familiarity with testing-enabling tools (e.g., Jira/Confluence, ServiceNow or Archer GRC, Splunk, Qualys/Tenable).
• Hands-on experience with data analytics and automation tools (e.g., SQL, Python, Alteryx, Power BI, Tableau) to increase testing efficiency and coverage.
• Demonstrated proficiency in analytical thinking, with a track record of systematically organizing, comparing, and evaluating various aspects of a situation to identify key information.
• Excellent written, verbal, and presentation skills, and ability to translate complex technical issues into clear, concise, and actionable messages for senior stakeholders.
• Excellent stakeholder management with the ability to influence outcomes and navigate challenging discussions with senior audiences.
• Able to collaborate with engineering, product, cyber, and business teams to achieve testing outcomes while maintaining objectivity and independent judgement.
• Demonstrated ability to manage multiple engagements, deliver to deadlines, and adapt to changing priorities in a dynamic environment.
• Strong time management and organization. Ability to plan, prioritize, and coordinate across multiple concurrent engagements.