Deputy Executive Manager, Cyber Risk Mitigation and Controls Implementation

The Department

The Cyber Security Department is responsible for the enhancement of the resiliency of Club's information, information systems and network infrastructure, as well as identifying security threats and vulnerabilities and effectively manage the risks. The team also works to ensure the Club's conformance to local cyber laws and regulations.

The Job

You will:

• Develop and implement advanced risk mitigation strategies based on identified cyber risks
• Oversee the implementation of sophisticated security measures, policies, and procedures to protect the Club’s information assets
• Continuously monitor and evaluate the effectiveness of cyber risk mitigation efforts and report to senior management and the board of management
• Provide assistance and collaborate with other teams to foster a culture of advanced security awareness among employees.
• Collaborate with internal and external auditors to facilitate security audits and assessments, covering cybersecurity
• Stay at the forefront of emerging cyber security technologies trends
• Evaluate the applicability and potential benefits of emerging technologies for the Club and make strategic recommendations for adoption

About You

You should have:

• Degree in Computer Science, Information Technology, Cybersecurity, or a related discipline. A relevant master’s degree is a plus
• 10+ years of experience in cybersecurity, IT risk management, or a related field, with a minimum of 5 years in a leadership role
• Proven experience in developing and implementing cyber risk mitigation strategies and cybersecurity frameworks that align with enterprise risk management
• Strong technical expertise in security controls, incident response, and remediation strategies, with hands-on experience in deploying and monitoring security measures
• Experience in IT and cybersecurity audits and assessments, including working with internal audit teams and external auditors to identify gaps and ensure compliance with regulatory and industry standards
• In-depth knowledge of cybersecurity standards and frameworks such as NIST, ISO 27001, COBIT, and CIS Controls
• Experience working with 2nd and 3rd Lines of Defense teams, supporting cybersecurity audits, assessments, and compliance initiatives
• Familiarity with emerging cybersecurity technologies and the ability to assess their impact on the organization
• Proven leadership and team development experience, with a demonstrated ability to mentor and lead high-performing teams
• Strong experience in stakeholder management and the ability to communicate cybersecurity risks and strategies effectively to executive leadership and board members
• Certifications such as CISSP, CISM, CRISC, or equivalent are highly desirable
• Strong knowledge of ISMS and major security frameworks (ISO 27000, ISO 31000, NIST, COBIT)
• Experience in audit control frameworks, ITGCs, and cybersecurity risk across infrastructure, cloud, and applications
• Solid IT background in enterprise networking, operating systems, and database security controls
• Proficient in DevSecOps, cloud security, PII protection, GDPR, and cybersecurity laws

About You (cont.)

• Skilled in problem-solving, risk management, and mitigating complex risks
• Proven ability to manage multiple tasks efficiently and meet deadlines
• Strong leadership, negotiation, and communication skills for diverse audiences
• Experienced in collaborating with senior colleagues on cyber risk strategies
• Contributed to governance and risk management at the executive level

Terms of Employment

The level of appointment will be commensurate with qualification and experience.

Enquiries

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.