Senior Technical Manager, Cyber Risk Assessment and Analysis

Who are we?

We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.

Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.

What do we do?

We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.

We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.

The Department

The Cyber Security Department is essential to the Club’s ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.

As the first line of defense, the department plays a key role in maintaining the Club’s reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.

The Job

You will:

• Support and drive Cybersecurity management’s directives in priority
• Contribute to the enhancement and evolution of the CSRM program and framework, including execution of targeted risk assessments on holistic Cybersecurity risk and enhance current practices to mitigate cyber risks and the establishment of a risk framework
• Align risk appetite and fine-tune processes necessary within the business
• Follow and execute risk management practices with Risks & Controls Library, Impact Thresholds, Security Governance, Controls Testing, Issue Management, Risk Registers, Risk Reporting, etc.
• Assess risks based on policy, standards, technology compliance requirements and best practices for IT and business projects and activities
• Ensure security measures are properly adopted for risk mitigation
• Risk exception and acceptance must be well governed, timely validated and properly escalated
• Prepare a report to senior management on the current security posture
• Partner with Information Security and IT teams to implement appropriate solutions to mitigate exposure as needed
• Participate and contribute positively to create a diverse and inclusive culture with trust and respect. Play an active role to support cross-team/division/department efforts and model collaborative behaviours

About You

You should have:

• University degree in Computer Science, Information Technology/Security Management, Cybersecurity, or a related field
• Sound experience working in technology risk management
• Strong consulting background in IT/Security/ IT Audit is desired
• At least 8 years of experience in IT technical roles and audit, 3 years of hand-on in technology risk assessment and security compliance aspects
• CISA, CISSP, CRISC or equivalent is preferable
• Experience in adopting risk-based assessment methodologies and engaging audit counter-parts
• Experience in performing risk assessment and evaluation
• Experience in reporting risk tailored to IT and business stakeholders about most significant risks to the business
• Competency consulting background in IT, Cyber Security and/or IT Audit and Control Compliance
• Competency interacting with seasoned colleagues on Technology and Cybersecurity Risk, Audit and compliance agenda
• Experience in building risk awareness amongst staff by providing support and training within the company
• Effectively manage multiple priorities, work independently and in a team-oriented and collaborative environment
• An aptitude for technical writing e.g. assessment reports, presentations, management dashboard and risk indicators/metrics
• Knowledge of ISMS, ISO27000, ISO31000 and other major information security frameworks/Practices e.g. NIST, COBIT etc.
• Strong knowledge of Audit control framework, IT general controls, Cybersecurity Risk, Tech Risk (including infrastructure, cloud and applications security)
• IT background with operations, enterprise networking, operating systems and database security risk controls
• Sound skill across: DevSecOps, cloud security, PII, GDPR, and Cyber security laws
• High problem solving, risk management and analytical skills
• Ability to effectively manage multiple priorities
• Strong interpersonal, management, negotiation and presentation skill
• Ability to interact with seasoned colleagues on Technology Risk agenda

Terms of Employment

The level of appointment will be commensurate with qualification and experience.

How to Apply

Please send your resume, complete with expected salary and job reference by clicking the Apply Now button or to:

Fax: 2966-5770

Mail: The Human Resources Department, The Hong Kong Jockey Club, 1 Sports Road, Happy Valley, Hong Kong
 

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.