Requisition ID:  4562

Deputy Executive Manager, IT Risk and Controls

The Hong Kong Jockey Club

Founded in 1884, The Hong Kong Jockey Club (“the Club”) is a world-class racing club that acts continuously for the betterment of our society. The Club has a unique integrated business model, comprising racing and racecourse entertainment, a membership club, responsible sports wagering and lottery, and charities and community contribution. Through this model, the Club generates economic and social value for the community and supports the HKSAR Government in combatting illegal gambling.

The Department

The objectives of the IT Risk & Controls Department are to establish and maintain a robust risk management methodology that effectively identifies, assesses, and mitigates risks related to IT processes and technology. The department ensures that the Club’s IT risk posture is accurately reported and that operations remain within the defined risk appetite, thereby enhancing operational integrity and resilience. By aligning its risk management approach with the Enterprise Risk Management Framework and the Technology Risk Management Framework, and by working closely with business units, the department promotes accountability and transparency across both IT and business functions.

Job Summary

Are you a seasoned technology risk executive who thrives at the intersection of strategy, governance, and transformation? Do you have the vision to shape how an entire IT Division thinks about risk — and the leadership presence to make it happen?

We are seeking a Deputy Executive Manager, IT Risk & Controls to serve as the first-line risk leader for the IT Division. Reporting to the Head of Department, you will set the strategic direction for technology risk management, drive enterprise-wide risk governance, and ensure the organisation's risk posture keeps pace with rapid technological change, regulatory evolution, and business ambition.

Where the Senior Technical Manager focuses on evolving methodology and leading assessments, you will help design the overall risk strategy, operating model, and executive engagement agenda. You will be accountable for key portfolios of the IT Risk & Controls (ITRC) function, the maturity of its capabilities, and its reputation as a trusted, value-adding partner to the business.

This is a role for a leader who sees risk not as a reporting obligation, but as a strategic lever — one that protects value, enables confident decision-making, and accelerates responsible innovation.

This role is delivering key portfolios of the ITRC function and thus delivering strategic impact. While the Senior Technical Manager drives methodology and assessment excellence, the Deputy Executive Manager ensures the function is strategically positioned, well-governed, and delivering measurable value to the IT Division and the Club. Provides leadership and mentoring for the team and is responsible for maintaining strategic alignment for the function. You will elevate technology risk from a compliance necessity to a strategic capability — protecting the Club, enabling confident transformation, and building enduring organisational resilience.

Who You Are

A strategic, executive-calibre risk leader with deep technology fluency and the gravitas to influence at the highest levels. You combine big-picture thinking with operational credibility — you’ve built and led risk functions, not just contributed to them.

  • Translate enterprise risk appetite into practical technology risk guidance
  • Navigates complex stakeholder landscapes across IT, business, and assurance
  • Makes judgment calls under uncertainty, balancing rigour with pragmatism
  • Leads through influence, building coalitions and driving change without positional authority

The Job

Set the Strategic Direction for Technology Risk

  • Define and deliver on the multi-year ITRC strategy, ensuring alignment with the Club's IT strategic objectives and enterprise risk appetite
  • Co-develop the IT Division’s risk framework with Enterprise Risk, translating board-level appetite into actionable technology tolerances
  • Anticipate emerging risk themes (AI/ML governance, third-party ecosystem risk, digital ethics, regulatory change) and position the function ahead of the curve
  • Support innovation within the risk function: automation, data-driven risk sensing, and integration with engineering toolchains

Lead Executive-Level Risk Governance

  • Serve as a trusted risk voice at senior IT leadership and cross-divisional governance forums
  • Chair or co-chair the Technology Risk Forum (TRF) and represent ITRC at the Technology Risk & Information Security Committee (TRISC)
  • Present the IT risk posture, key themes, and strategic trade-offs to the IT Executive Committee and, where required, enterprise risk and audit committees
  • Ensure governance structures are decision-oriented and connected to real operational signals
  • Help drive executive accountability for risk ownership across IT leadership, embedding risk into strategic planning, investment decisions, and transformation programmes

Leadership in the IT Risk & Controls Function

  • Lead, mentor, and develop Senior Technical Managers, risk analysts, and control specialists
  • Define team structure, capability roadmap, and succession planning to support growth
  • Set quality standards for assessments, control evaluations, and reporting to ensure consistency, rigour, and relevance
  • Foster a culture of continuous improvement, intellectual curiosity, and constructive challenge

Drive Enterprise-Wide Risk Integration

  • Partner with Enterprise Risk, Internal Audit, Compliance, and Information Security to align frameworks, taxonomies, and reporting
  • Act as senior liaison to second-line and third-line functions, coordinating audit responses, regulatory engagements, and assurance activities
  • Embed risk into portfolio-level investment, vendor selection, and architectural decisions
  • Translate incidents, near-misses, and audit findings into systemic improvements beyond single-issue fixes

Champion Risk-Informed Transformation

  • Ensure transformation risk coverage across delivery risk, operational readiness, control migration, and residual exposure
  • Advise programme steering committees on risk-based sequencing, go/no-go decisions, and contingency planning
  • Champion risk-by-design across Agile and product-centric delivery lifecycles

About You

  • Bachelor’s degree required; Master’s or MBA preferred in a relevant discipline
  • Advanced use of GRC platforms and risk analytics, positioning them as insight engines versus repositories
  • Fluent in modern tech landscapes: cloud, DevOps/CI-CD, microservices, data platforms, AI/ML — and their risk profiles
  • Exceptional executive communication; adept at creating board-ready narratives and visuals
  • Outstanding stakeholder management and influence with senior technology and business leaders
  • Senior certifications are an advantage: CRISC, CISM, CISA, ISO 31000 Lead Risk Manager (or equivalent); active industry involvement
  • Expert in technology risk frameworks, control design, and operational resilience standards (COBIT, NIST, ISO 27001/27005, ITIL, etc.)
  • 15+ years in technology or operational risk, with 5+ years in senior leadership owning functional strategy and teams
  • Proven track record of building, scaling, or transforming a technology risk or controls function
  • Significant experience operating at the executive level (C-suite, steering committees, or board-facing forums)
  • Depth across cyber, operational resilience, data governance, third-party risk, and change/transformation risk
  • Success in complex, matrixed organisations (e.g., financial services, regulated, or membership-based contexts)
  • Strategic vision — define a compelling future state, mobilise the team to deliver and maintain alignment with the club's strategy
  • People leadership — develop talent, build inclusive teams, and manage performance
  • Organisational influence — drive change through persuasion and credibility
  • Judgment and decisiveness — make timely, risk-based decisions with incomplete information
  • Resilience and composure — operate effectively under pressure and in crises

Apply Now!

We offer competitive salary and benefits packages, a dynamic working environment and development opportunities.

 

Add horsepower to your career today. Click the “Apply Now” button to create an account and submit your application.

Equal Opportunity and Inclusive Hiring

We are an equal opportunity employer and strive to create an inclusive workplace for all. Applicants from diverse backgrounds are welcomed to apply. If you have any special needs or require accommodations during the interview process, please e-mail us via careers@hkjc.org.hk. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and job applicants relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.

Share Page
Share this Job :

To share this job on WeChat, please click the button below to copy the link: