ICT Risk Analyst

ICT Risk Analyst

Company: China Merchants Bank Europe

China Merchants Bank (CMB), established in 1987, is China’s first joint-stock commercial bank. It currently ranks as the 10th largest bank globally by Tier 1 capital (The Banker, UK), maintaining a top 20 position for five consecutive years.

CMB operates 143 branches and over 1,700 sub-branches across 130 cities in mainland China, and maintains a growing international presence with six overseas branches and two representative offices. The group employs over 110,000 professionals worldwide.

China Merchants Bank Europe is the headquarter of CMB group in the EU and acts as a global banking and investment gateway between China and Europe.

As a full license bank, CMB Europe intends to differentiate itself as a flagship in the sector of corporate banking, trade finance and wealth management. It provides a range of diversified financial products and services to Corporation customers, Personal customers, Financial Institutions in EU and China.

The Risk Management Function is responsible for ensuring that the Bank adequately controls and manages credit, market, operational, liquidity and other relevant risks. It ensures the Bank is fully compliant with all banking laws, regulations, internal policies and procedures.

Key Responsibilities

• Developing and implementing policies and frameworks for IT security and risk management.
• Monitoring and managing the IT systems to ensure that they are secure.
• Conducting ICT and Cybersecurity Risk-Self Assessment, in line with both EU regulation and HO policies.
• Ensuring that IT control framework is aligned to the CMB HO framework when relevant.
• Identifying potential regulatory and non-regulatory IT risks through thorough and ongoing risk assessments (such as the possibility of system failure or data loss).
• Assisting in finding practical and cost-effective solutions to identified or revealed security and risk issues.
• Building and maintaining strong and effective working relationships and effective means of communication with other relevant functions such as IT, RM, LC, OP departments.
• Working closely together with internal and external auditors on ICT Risk topics.
• Designing an extensive training program and organize regular training targeted to different functions within the Bank.
• Implementing a set of Key Risk Indicators (KRI) and defining metrics to regularly measure control effectiveness.
• Providing regular reporting on the ICT risk exposure, mitigating efforts, key milestones, KRIs, escalation of operational events and breaches.
• Actively engaging in end-to-end risk remediation planning, resolution, and monitoring activities.
• Serving as the point of contact for all ICT Risk Management matters.
• Monitoring key trends in the regulatory environment and best market practices (including implementation of DORA, review of real case studies, following the latest industry best practices)

Raising awareness: influencing behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise

Qualifications & Skills

• Education: Master’s Degree in Finance, Mathematics, Engineering, or a highly quantitative field.
• Professional Experience: Minimum 5 years of experience in Risk Management within the banking sector, with a proven track record of handling complex regulatory projects in Luxembourg.
• Regulatory Expertise: Deep technical knowledge of the European and local regulatory landscape (CSSF circulars, EBA guidelines).
• Languages: Fluent English, French/Chinese/German are considered as an asset.
• Certifications: Professional designations such as FRM or CFA are highly preferred for this senior level.
• Technical Stack: Advanced proficiency in Excel/VBA; experience with programming (SQL/Python) for risk modeling is a strong plus.
• Soft Skills: Exceptional synthesis skills—the ability to distill complex risk metrics into clear, strategic narratives for executive decision-making. High ethical standards and the ability to mentor junior team members.