Requisition ID:  1260

Senior Technical Manager - IT Risk and Controls Assessment

The Job

You will:

1. Assist EM ITRG to implement the IT Risk Management framework & Methodology within the IT Division

  • Support the EM ITRG to identify the Top Risks within the IT Division
  • Maintain the control library, work with Risk Owners in identifying the Key Controls to their risks and ensuring controls are appropriate, effective and efficient
  • Produce and maintain Key Risk Indicators (KRI) report
  • Perform control assessments of third-party suppliers
  • Report updates on the control assessment results and dashboard

2. Collaborate with the IT Audit and Control Oversight team to assess key operational controls, including

  • Key controls are scheduled for regular testing according to the risk profile
  • Actions are identified to remediate the significant issues that fall outside of risk appetite levels during control testing

3. Support the EM ITRG to ensure risk mitigation strategies are developed and implemented for material risks and risk changes

4. Support the EM ITRG to ensure the incident management process covering all risks is robustly implemented, including

  • Assess whether control deficiencies or effectiveness issues lead to incidents
  • Analysis of trends is undertaken to identify themes in smaller incidents and near-miss large incidents, with the findings acted upon

About You

You should have:

  • Bachelor's Degree (preferred) in relevant risk management disciplines (e.g., Operational Risk management within an IT department or organisation, Information Security, IT Risk Management)
  • Professional risk management certification (e.g., ISO 31000) and/or industry body affiliation is an advantage
  • Seasoned professional with expertise in developing and running an Operational Risk Management function within an IT Division or organisation
  • Proven track record in leading a risk function in a Technology environment, particularly with experience in control assessment
  • 7+ years of experience in enacting the first line of defence IT operational risk role and responsibilities

Technical Skills

  • Capable of understanding the Club's unique nature and culture in terms of Risk Management
  • Capable of assessing and quantifying technology and operational risks, assessing mitigation measures and providing practical recommendations on risk mitigation controls when needed
  • Understand industry best practices and trends on IT standards, governance, risk, and internal control
  • Experience in Control Assessment methodology and in deploying a Risk Control Self Assessment (RCSA) program
  • Experience in delivering technology and/or operational risk management frameworks from inception
  • Knowledge of enterprise architecture, service management, asset management, change management and systems migration
  • A good understanding of business and product knowledge of the Club and the business strategies, priorities, risks and controls in his/her core or functional area of responsibility
  • Technically astute and good analytical and decision-making ability
  • Excellent communication and report-writing skills in English
  • Good influencing and communication skills
  • High professional and ethical standards
  • Good relationship management skills
  • Able to manage multiple tasks and work under pressure and with conflicting priorities
  • Proactive with high levels of initiative

Terms of Employment

The level of appointment will be commensurate with qualification and experience.

Enquiries

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.
