Deputy Executive Manager, IT Audit & Control Issues Oversight

The Hong Kong Jockey Club

Founded in 1884, The Hong Kong Jockey Club (“the Club”) is a world-class racing club that acts continuously for the betterment of our society. The Club has a unique integrated business model, comprising racing and racecourse entertainment, a membership club, responsible sports wagering and lottery, and charities and community contribution. Through this model, the Club generates economic and social value for the community and supports the HKSAR Government in combatting illegal gambling.

Who are we?

We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.

Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.

What do we do?

We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.

We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.

The Department

The objectives of the IT Risk & Controls Department are to establish and maintain a robust risk management methodology that effectively identifies, assesses, and mitigates risks related to IT processes and technology. The department ensures that the Club’s IT risk posture is accurately reported and that operations remain within the defined risk appetite, thereby enhancing operational integrity and resilience. By aligning its risk management approach with the Enterprise Risk Management Framework and the Technology Risk Management Framework, and by working closely with business units, the department promotes accountability and transparency across both IT and business functions.

The Job

• Review audit reports (internal and external) to identify control gaps, compliance issues, and operational inefficiencies
• Develop detailed action plans with issue owners to address audit findings, including specific steps, timelines, and responsible parties
• Maintain a centralized system (e.g., audit issue log, GRC tool) to track the status of audit findings and remediation activities
• Prepare regular status reports for senior management, audit committees, and other stakeholders
• Ensure that remediation efforts comply with applicable laws, regulations, and organizational policies
• Analyze recurring audit issues to identify systemic problems and recommend process improvements
• Maintain comprehensive documentation of audit findings, remediation plans, and progress updates
• Identify the scope of control testing, including systems, processes, and applications to be evaluated
• Evaluate whether controls are designed appropriately to address specific risks
• Determine if existing controls adequately mitigate identified risks
• Document the results of control testing, including evidence of testing procedures and findings
• Suggest actionable solutions to address control weaknesses and enhance control effectiveness
• Periodically assess the overall control environment for emerging risks and areas of improvement
• Use automated tools for data analysis, control testing, and monitoring
• Provide training and guidance to staff on audit requirements, remediation processes, and best practices. Foster a strong control environment by raising awareness of compliance and risk management

About You

• Bachelor's Degree (preferred) in relevant risk management disciplines (e.g., Operational Risk management within an IT department or organisation, Information Security, IT Risk Management)
• Professional risk management certification (e.gM ISO 31000) and /or industry body affiliation is an advantage
• Experienced seasoned professional with deep expertise in developing and running an Operational Risk Management function within an IT Division or organisation
• Proven track record in leading a risk function in a Technology environment
• 15+ years of experience in enacting the first line of defence IT operational risk role and responsibilities
• Capable of understanding the Club's unique nature and culture in terms of Risk Management
• Capable of assessing and quantifying technology and operational risks, assessing mitigation measures and providing practical recommendations on risk mitigation controls when needed
• Understand industry best practices and trends on IT standards, governance, risk, and internal control
• Proficient in delivering technology and/or operational risk management frameworks from inception
• Knowledge of enterprise architecture, service management, asset management, change management and systems migration
• A good understanding of business and product knowledge of the Club and the business strategies, priorities, risks and controls in his/her core or functional area of responsibility
• Technically astute and excellent analytical and decision-making ability
• Excellent communication and report-writing skills in English
• High influencing and communication skills
• High professional and ethical standards
• Strong leadership, with excellent people and relationship management skills
• Manage/handle multiple tasks, and work under pressure and with conflicting priorities
• Proactive with high levels of initiative

Apply Now!

We offer competitive salary and benefits packages, a dynamic working environment and development opportunities.

Add horsepower to your career today. Click the “Apply Now” button to create an account and submit your application.

Equal Opportunity and Inclusive Hiring

We are an equal opportunity employer and strive to create an inclusive workplace for all. Applicants from diverse backgrounds are welcomed to apply. If you have any special needs or require accommodations during the interview process, please e-mail us via careers@hkjc.org.hk. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and job applicants relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.