Deputy Executive Manager, Cloud Solution (3-Year Contract)

The Hong Kong Jockey Club

Founded in 1884, The Hong Kong Jockey Club (“the Club”) is a world-class racing club that acts continuously for the betterment of our society. The Club has a unique integrated business model, comprising racing and racecourse entertainment, a membership club, responsible sports wagering and lottery, and charities and community contribution. Through this model, the Club generates economic and social value for the community and supports the HKSAR Government in combatting illegal gambling.

The Department

Since 1884, The Hong Kong Jockey Club has been a cornerstone of Hong Kong’s sports and entertainment landscape, driving innovation while contributing to the betterment of society. We are seeking motivated individuals eager to help shape the future of sports and entertainment in a fast-paced, dynamic environment. If you value creativity, collaboration, innovation, and love a challenge, this opportunity is for you.

The Job

• GitOps & Everything as Code Leadership
  • Implement comprehensive GitOps workflows using Argo CD for infrastructure and application deployment automation across all environments
  • Design and maintain Infrastructure as Code using Terraform Cloud with modular, reusable components for complete AWS environment provisioning
  • Create a self-service Environment on Demand capabilities, enabling development teams to provision, scale, clone, and destroy environments through Git-based workflows
  • Establish an environment-as-a-service architecture with automated validation, health checks, cost optimisation, and governance controls
  • Implement configuration drift detection and automated remediation, ensuring infrastructure consistency and compliance
• AWS Cloud Infrastructure Management
  • Design and implement a multi-account AWS architecture using Organisations with comprehensive networking (VPC, PrivateLink, Transit Gateway)
  • Manage Amazon EKS clusters with advanced features including service mesh (Istio), policy enforcement (OPA/Kyverno), and container security (NeuVector)
  • Implement Aurora PostgreSQL databases, MSK (Kafka) clusters, S3 storage solutions, and API Gateway configurations as code
  • Design Auto Scaling Groups, Application/Network Load Balancers with proper security group configurations and compliance monitoring
  • Create and maintain VPN and firewall configurations with automated security policy enforcement
• Monitoring & Observability as Code
  • Implement monitoring dashboards, SLO/SLI definitions, and alerting rules using Terraform
  • Design Service Level Objectives with error budget tracking, burn rate alerting, and automated compliance reporting
  • Create monitoring automation for EKS clusters, Aurora databases, Kafka topics, and application/network performance using DataDog
  • Design proactive monitoring strategies with automated incident response and escalation procedures
• Security & Compliance Automation
  • Implement secrets management automation using AWS Secrets Manager and HashiCorp Vault with automated rotation policies
  • Design IAM policies and roles with least privilege principles, implementing just-in-time access and break-glass procedures
  • Create automated compliance monitoring using AWS Config rules, Security Hub integration, and continuous security validation
  • Implement container security scanning, vulnerability management, and automated remediation workflows
  • Design network security with security groups, NACLs, WAF configurations, and encrypted communication patterns
• CI/CD Pipeline Architecture
  • Implement infrastructure testing using Terratest, chaos engineering with Gremlin, and automated disaster recovery validation
  • Create deployment automation with canary releases, blue-green deployments, and automated rollback mechanisms
• Operational Excellence & Reliability
  • Implement chaos engineering experiments and automated failure injection to validate system resilience
  • Design disaster recovery automation, backup validation, and business continuity procedures
  • Create automated patching, security updates, and software version management across all environments
  • Implement cost optimisation automation with resource rightsizing, reserved instance management, and budget controls
  • Design capacity planning, performance optimisation, and resource utilisation monitoring automation

About You

• 5+ years of cloud infrastructure experience with AWS services and architecture
• 3+ years of Infrastructure as Code experience using Terraform
• 3+ years of Kubernetes/container orchestration experience in production environments
• 2+ years of GitOps implementation and CI/CD pipeline design experience
• Experience with monitoring, observability, and production support in cloud environments
• Knowledge of security best practices, compliance frameworks, and automated governance
• Preferred Qualifications
  • AWS Certifications: Solutions Architect Professional, DevOps Engineer Professional, Security Speciality
  • Kubernetes Certifications: CKA (Certified Kubernetes Administrator), CKAD (Certified Kubernetes Application Developer)
  • Terraform Certification: HashiCorp Certified Terraform Associate or Professional
  • Experience with financial services or wagering industry environments
  • Knowledge of service mesh technologies, chaos engineering, and advanced monitoring practices
• Tools & Technologies
  • Infrastructure: Terraform Cloud, AWS CLI, kubectl, Helm, ArgoCD
  • Monitoring: DataDog, AWS CloudWatch
  • Security: AWS Secrets Manager, HashiCorp Vault, Snyk, SonarQube, OWASP ZAP
  • CI/CD: GitHub Actions, CloudBees CI, Argo Workflows
  • Development: Python, TypeScript, Bash, VS Code, IntelliJ IDEA, Git/GitHub Enterprise
  • Testing: Terratest, Gremlin, Chaos Toolkit, Testcontainers
• Core Infrastructure Technologies
  • Terraform: Advanced Infrastructure as Code with modules, workspaces, remote state, and testing framework
  • AWS Services: Comprehensive experience with EKS, RDS Aurora, MSK, S3, Lambda, API Gateway, VPC, Organisations
  • Kubernetes: Container orchestration, Helm charts, service mesh, policy enforcement, and security implementations
  • GitOps: Argo CD/Workflows/Events, Git-based infrastructure management, and configuration drift detection
  • Automation: Python, TypeScript, Bash scripting for infrastructure automation and integration development
• Monitoring & Observability
  • DataDog: APM, infrastructure monitoring, log analysis, dashboard creation, distributed tracing, performance analysis, profiling, and alerting configuration
  • SLO/SLI Implementation: Service level objective definition, error budget tracking, and burn rate alerting
  • Security & Compliance
• Secrets Management: AWS Secrets Manager, HashiCorp Vault integration, and automated rotation
  • Identity Management: IAM policies, RBAC, service accounts, and federated authentication
  • Compliance Automation: AWS Config, Security Hub, compliance reporting, and automated remediation
  • Container Security: Image scanning, runtime protection, and policy enforcement

Apply Now!

We offer competitive salary and benefits packages, a dynamic working environment and development opportunities.

Add horsepower to your career today. If you do not meet all of the requirements but still believe you can make a difference, please apply.

Equal Opportunity and Inclusive Hiring

We are an equal opportunity employer and strive to create an inclusive workplace for all. Applicants from diverse backgrounds are welcomed to apply. If you have any special needs or require accommodations during the interview process, please e-mail us via careers@hkjc.org.hk. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and job applicants relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.