Requisition ID:  2324

Assistant Manager, Information Security Assurance

Job Summary

Reporting to the Senior Manager, ISA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence. This will include designing and implementing a control library focusing on controls to manage cyber risks, and developing a control assurance program to test the design and operating effectiveness of controls on a regular basis.

The job holder is responsible for delivering information security projects and ensuring robust information security measures during system design and operations. The role also involves coordinating information security initiatives and responding to security incidents to maintain compliance and safeguard the Club's assets.

Key tasks include conducting information security testing, managing risk assessments, and collaborating with internal and external stakeholders to implement security controls.

The Job

You will

  • Assist the Senior Manager, ISA to establish the second line of defence (2LOD) technology risk management and information security assurance functions.
  • Conduct regular assessments and testing of information security controls and processes.
  • Provide technical advisory to ensure compliance with regulatory requirements and industry best practices.
  • Support the selection and review process of information security solutions, providing technical suggestions and recommendations for design and integration.
  • Assist in the implementation of security initiatives and prepare necessary documentation to ensure adherence to project development lifecycles.
  • Collect, analyse, and report on security metrics, trends, and issues to enhance visibility for senior executives.
  • Maintain and update documentation related to information security processes, procedures, and project statuses.
  • Engage in proactive measures to mitigate network-based security risks and respond to information security incidents.
  • Provide guidance and support for the configuration and implementation of security controls and frameworks.
  • Promote security awareness within the organization, fostering a culture of risk management.
  • Assist in the incident management process.
  • Work closely with the ERM team to integrate information security risks into the organization's risk management framework.
  • Support the Senior Manager in engagements with internal audit and other third-line functions.

About You

You should have

  • University degree in Computer Science, Information Technology, Cybersecurity, Engineering, or related fields.
  • 3 to 5 years of practical experience in information security, risk management, or a related field.
  • Hands-on experience in enterprise security infrastructure, risk assessments, and security testing.
  • In-depth knowledge of information security principles, risk management frameworks, and relevant regulations.
  • Familiarity with security frameworks and standards (e.g. ISO 27001, NIST).
  • Relevant certifications such as CISSP, CISA, CISM or CRISC are preferred.

Terms of Employment

The level of appointment will be commensurate with qualification and experience.

How to Apply

Please send your resume, complete with expected salary and job reference, by clicking Apply Now.

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.
