Deputy Executive Manager - IT Risk Governance
The Job
You will:
1. Assist EM ITRG in implementing the IT Risk Management framework & Methodology within the IT Division, ensuring the IT Divisional leadership team is aware of and fully embraces their risk management accountabilities, including:
- Regularly refreshing the risk scenarios with advice and input from the second-line ERM team and other subject matter experts
- Ensuring the Top Risks within the IT Division are prioritized and the Response decisions taken and reviewed in line with the tolerance thresholds
- Collaborating with departments across the Division and 2nd line of defence units (i.e. Enterprise Risk Management and Technology Risk Management) to develop risk appetite statements, tolerance thresholds, and Key Risk Indicators
- Continuously updating the control library, supporting Risk Owners in identifying the Key Controls to their risks and ensuring controls are appropriate, effective and efficient
- Supporting EM ITRG in monitoring their Key Risk Indicators by producing and/or co-ordinating reporting and data updates
- Developing and managing third-party supplier risks
- Reporting updates on the Top Risks to Divisional leadership and Club governance including a summary of objectives most at risk, escalations requiring funding, material risk changes, material incidents and lessons learnt
2. Support EM ITRG in working with the IT Audit and Control Oversight team to ensure an IT Risk Controls Assurance Programme is implemented across the IT Division, to test the key operational controls
3. Support the EM ITRC in the review of the incident management process:
- Root cause analysis of material incidents is conducted in a timely manner with lessons learnt acted upon
- Analysis of trends is undertaken, to identify themes in smaller incidents and near miss large incidents, with the findings acted upon
About You
You should have:
- Bachelor's Degree (preferred) in relevant risk management disciplines (e.g., Operational Risk management within an IT department or organisation, Information Security, IT Risk Management)
- Professional risk management certification (e.g., ISO 31000) and/or industry body affiliation is an advantage
- Seasoned professional with deep expertise in developing and running an Operational Risk Management function within an IT Division or organisation
- Proven track record in leading a risk function in a Technology environment
- 10+ years of experience in enacting the first line of defence IT operational risk role and responsibilities
- Capable of understanding the Club's unique nature and culture in terms of Risk Management
- Capable of assessing and quantifying technology and operational risks, assessing mitigation measures and providing practical recommendations on risk mitigation controls when needed
- Understand industry best practices and trends on IT standards, governance, risk, and internal control
- Experience in delivering technology and/or operational risk management frameworks from inception
- Knowledge of enterprise architecture, service management, asset management, change management and systems migration
- A good understanding of business and product knowledge of the Club and the business strategies, priorities, risks and controls in his/her core or functional area of responsibility
- Technically astute and good analytical and decision-making ability
- Excellent communication and report writing skills in English
Other Proficiencies
- High influencing and communication skills
- High professional and ethical standards
- Strong leadership, with good relationship management skills
- Manage/handle multiple tasks, and work under pressure and with conflicting priorities
- Proactive with high levels of initiative
Terms of Employment
The level of appointment will be commensurate with qualification and experience.
Enquiries
We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.