Deputy Executive Manager - Business IT Risks & Controls Governance
The Job
You will:
- Conduct regular risk assessments and business impact analyses to identify potential threats and vulnerabilities to business operations
- Report material changes to the risk profile and significant incidents, including lessons learned, to relevant Governance and Stakeholders both within and outside the IT Division
- Continuously update the control library, supporting Risk Owners in identifying the Key Controls to their risks and ensuring controls are appropriate, effective and efficient
- Support Risk Owners in monitoring their Key Risk Indicators by producing and/or co-ordinating reporting and data updates
- Report updates on the Top Risks to Divisional leadership and Club governance, including a summary of objectives most at risk, escalations requiring funding, material risk changes, material incidents and lessons learnt
- Implement a comprehensive business resilience program that aligns with the club's goals and business requirements
- Support the EM BITRCG to work with Business Departments to create and maintain comprehensive business continuity plans to ensure the organization can respond effectively to disruptions. Evaluate the effectiveness of existing business continuity plans and recommend improvements
- Participate in the IT Division and Business Departments' business continuity exercises and drills to test the effectiveness of plans and identify areas for improvement
- Develop procedures and guidelines for business continuity and disaster recovery
- Conduct regular risk assessments and business impact analyses (BIA) to evaluate the effectiveness of existing business continuity plans and recommend improvements
- Implement training programs to educate employees on business continuity plans and their roles during a crisis
- Develop metrics to measure the effectiveness of the business resilience program and report on program status to senior management. Prepare and present reports on business continuity initiatives, incidents, and exercises
- Ensure that root cause analysis of material incidents is conducted in a timely manner, with lessons learnt acted upon and/or shared across the Club
- Ensure that analysis of trends is undertaken to identify themes in smaller incidents and near-miss large incidents, with the findings acted upon
About You
You should have:
- Bachelor's Degree (preferred) in relevant risk management disciplines (e.g., Business Continuity and Resilience, Operational Risk management within an IT department or organisation, Information Security, IT Risk Management)
- Professional risk management certification (e.g., ISO 31000) and/or industry body affiliation is an advantage
- Seasoned professional with deep expertise in developing and running an IT Operational Risk and Business Resilience Management function within a Business Division or organisation
- Proven track record in leading a risk function and business continuity management
- 10+ years of experience in enacting the first line of defence IT operational and Business continuity risk role and responsibilities
- Capable of understanding the Club’s unique nature and culture in terms of Risk Management
- Capable of assessing and quantifying technology and operational risks, assessing mitigation measures and providing practical recommendations on risk mitigation controls when needed
- Understand industry best practices and trends on IT standards, governance, risk, and internal control
- Proficient in delivering technology and/or operational risk management frameworks from inception
- Good experience in managing business resilience and continuity programs
- Knowledge of enterprise architecture, service management, asset management, change management and systems migration. A good understanding of business and product knowledge of the Club and the business strategies, priorities, risks and controls in his/her core or functional area of responsibility
- Technically astute and excellent analytical and decision-making ability
- Excellent communication and report-writing skills in English
- Good influencing and communication skills
- High professional and ethical standards
- Strong leadership, with excellent people and relationship management skills
- Manage/handle multiple tasks, and work under pressure and with conflicting priorities
- Proactive with high levels of initiative
Terms of Employment
The level of appointment will be commensurate with qualification and experience.
Enquiries
We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.