Deputy Executive Manager, Business Information Security Office
The Department
The Cyber Security Department is responsible for enhancing the resiliency of the Club's information, information systems and network infrastructure, as well as identifying security threats and vulnerabilities and effectively managing the risks. The team also works to ensure the Club's conformance to local cyber laws and regulations.
The Job
You will:
1 Cyber Risk Management
- Identify, assess and communicate the cyber risks to the business and/or critical supporting functions, adhering to the Club’s cyber risk management framework
- Establish and manage the cyber risk profile for the business and/or critical supporting functions, and ensure treatment plans are defined, funded and tracked
- Represent the Cyber Security Department at the non-financial risk committees chaired by the business and/or critical support functions, providing cyber advisory and presenting the cyber risk profile, highlighting material risks and other related updates
- Advise the business and/or critical supporting functions of the updates to the Club’s cybersecurity policies and standards, and ensure a plan and funding are in place to adopt them
2 Business-Cyber Security Alignment
- Embed cyber security into the business’s and/or critical supporting functions’ strategy and objectives, and throughout their projects and day-to-day operations
- Ensure the Club’s cyber security strategy, policies, standards and solutions are relevant to the goals and challenges of the business and critical supporting functions, and the applicable regulatory requirements
- Ensure the Club’s policies and standards are fully complied with across their processes and systems
- Raise cyber risk awareness and culture within the business and/or critical supporting functions, leveraging the Club’s cyber awareness and training programs
- Convey the needs of the respective business units for the creation of the Cyber Security awareness programme and the promotion of cyber security control adoption across the business and/or critical supporting functions
- Advocate for modern Agile InfoSec practices balancing security and business agility through a pragmatic risk-based approach
- Liaise between Cyber Security and Business stakeholders to ensure seamless integration of Cyber Security controls
3 Stakeholder Collaboration and Communication
- Act as a trusted cyber advisor, fostering partnerships between Cyber Security and Business & IT teams
- Translate complex security concepts and requirements into actionable and business-friendly guidance
- During cybersecurity incidents, provide periodic sitreps to the business and/or critical supporting functions, and continuously assess the business impact of the incident
- Develop clear and concise updates on the cyber risk profiles, strategy, policies and standards, ensuring they are tailored for the non-financial risk committee members
About you
You should have:
- A bachelor’s degree, e.g. in Computer Science, IT, or other disciplines; a master’s degree is preferred
- 10+ years of experience in cyber risk management, cyber risk governance, or related fields
- Exceptional communication skills, with the ability to translate technical concepts for diverse audiences
- Expertise in stakeholder engagement, including senior executives and board members
- Demonstrated ability to foster business partnerships and to cultivate a strong risk culture
- Exceptional English writing and verbal communication skills, with the ability to present complex concepts to non-technical audiences
- Proficiency in the key cyber control domains, cyber risk management and governance frameworks and GRC tools
- Strong organisational and multitasking abilities with meticulous attention to detail
- Excellent stakeholder management and relationship-building skills
Terms of Employment
The level of appointment will be commensurate with qualification and experience.
Enquiries
We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.