Assistant Technical Manager, Identity & Access Management

Who are we?

We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.

Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.

What do we do?

We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.

We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.

The Department

The Cyber Security Department is essential to the Club’s ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.

As the first line of defense, the department plays a key role in maintaining the Club’s reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.

The Job

You will:

• Onboarding of Club's systems into IAM and IGA platforms to centrally provide authentication services such as Single Sign-On (SSO) and Multi-Factor Authentication (MFA), identity management services such as identity and access discovery, provisioning and de-provisioning, and governance activities such as access re-certifications
• Provide essential day-to-day BAU support by directly assisting business users and operational staff with identity and access-related issues, while actively coordinating with external vendors to ensure timely resolution, consistent service delivery, and compliance with support agreements
• Implement, enhance, and/or automate the team's IAM workflows and processes in accordance with requirements, the Club’s relevant information security policies and standards, and cybersecurity industry best practices, to achieve both a high level of operational efficiency and a robust cybersecurity posture
• Assess, plan, test, and implement system and database upgrade activities, security patching, certificate renewals, security configuration hardening, and vulnerability remediations to ensure IAM and IGA systems are consistently running at optimal cyber hygiene levels
• Act as IAM SME to provide technical expertise and insights to define and document IAM requirements and solutions to manage each aspect of an identity and access lifecycle that will help meet the business needs of the stakeholders while upholding strong cybersecurity controls
• Work in tandem with the assigned project team, such as with the Project Manager, Architecture, Design and Delivery team, Portfolio Team and business stakeholders to implement and operationalise IAM projects
• Continuously identify and work together with the team and Cyber Security management to deliver any enhancement and automation initiatives or remediate any gaps that may exist in IAM security controls and workflows
• Contribute to monthly monitoring and management reporting of the team's operational metrics and Key Performance Indicators (KPI)
• Participate, contribute and help shape a diverse and inclusive culture with trust and respect. Play an active role to support cross team/division/department efforts and model collaborative behaviours

About You

You should have:

• University Degree in IT, Computer Science, Software Engineering, Cyber Security or related discipline
• 3 to 5 years' experience working in technical IT roles, with at least 2 years of hands-on experience in enterprise identity and access management systems
• Experience in integration of various authentication technologies such as Single-Sign On (SSO), Multi-Factor Authentication (MFA), Biometrics and Passwordless for both on-prem and cloud-based systems
• Experience in executing Identity and Governance Administration processes such as conducting access recertifications, designing access approval processes, implementing role-based access control (RBAC), ensuring segregation of duties and enforcing compliance policies
• Strong understanding of Active Directory, operating systems, networking protocols and cybersecurity concepts and technologies
• Champion adoption of security standards and best practices among business stakeholders
• Effective oral and written communication skills, with the ability to communicate technical topics to management and non-technical audiences
• Must possess analytical, problem-solving, and documentation skills
• CIAM, CISSP, CISM or equivalent certification is preferable
• Relevant specialised certifications in IAM or IGA systems will have an added advantage
• Hands-on experience in administration, installation, integration and/or deployment in one or more of the following IAM solutions: Okta, Microsoft Entra ID, SailPoint, Ping/ForgeRock, Oracle, Saviynt, etc.
• Hands-on experience in PowerShell and BeanShell scripting
• Strong understanding and application of best practices in IAM systems design and maintenance
• Technical experience in integrating and supporting single-sign-on, ADFS & SAML federation, directory schema, namespace and replication topology, resource provisioning, role mining, identity & access governance, including role-based access control (RBAC), access request and certification
• Good working knowledge of Active Directory, Windows, Linux, OSX and mobile operating systems

Terms of Employment

The level of appointment will be commensurate with qualification and experience.

Enquiries

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.