Requisition ID: 3204

Technical Manager, Cyber Risk Governance

Who are we?

We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.

Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.

What do we do?

We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.

We also deliver the changes necessary to drive business growth through new products and services. In addition, we are committed to safeguarding the Club by protecting it from external threats and providing a secure and resilient technological environment.

The Department

The Cyber Security Department is essential to the Club’s ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.

As the first line of defense, the department plays a key role in maintaining the Club’s reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.

The Job

You will:

  • Support the execution of cyber risk methodologies and contribute to the presentation of cyber risk posture reporting to the technology and cyber risk forums
  • Provide expert oversight of cyber risk management activities, including risk identification, assessment, and mitigation
  • Support the evolution of the security standards control library and support risk owners in recognising key controls
  • Support trend analysis and lessons learned activities to enhance cyber risk posture
  • Develop and maintain advanced risk reporting mechanisms to provide senior management and the board with timely and accurate information on cyber risks
  • Establish and monitor the organisation's risk appetite
  • Support the development and maintenance of cybersecurity standards, procedures, and guidelines, incorporating risk management principles from NIST and the industry
  • Drive the promotion of cyber security awareness across the Club
  • Collaborate with senior leadership and business units to ensure robust business continuity plans are in place and regularly tested
  • Engage with senior management and board members to communicate the importance of cybersecurity and gain support for governance initiatives
  • Nurture talent growth in the Cyber Security department and facilitate knowledge transfer

About You

You should have:

  • University degree in Computer Science, Information Technology, Cybersecurity, Engineering, or related fields
  • Relevant certifications such as CISA, CISSP, CRISC or equivalent are preferred
  • At least 3 to 5 years of experience in IT technical roles and audit, including 2 to 3 years of hands-on experience in technology risk assessment and information security compliance aspects
  • Experience with identity and access management systems and principles
  • Knowledge of the Information Security Management System framework, ISO27000, ISO31000 and other major information security frameworks and practices, e.g. NIST, COBIT
  • Strong knowledge of Audit control framework, IT general controls, Cybersecurity Risk, Technology Risk (including infrastructure, cloud and application security)
  • Sound skills across: SecDevOps, cloud security, PIPL, GDPR, and Cybersecurity laws
  • IT background with operations, enterprise networking, operating systems and database security risk controls
  • An aptitude for technical writing, e.g. assessment reports, presentations, management dashboard and risk indicators/metrics
  • Demonstrate a “can-do” spirit, a sense of ownership, and a strong commitment to achieving goals and organisational success
  • Ability to effectively manage multiple priorities, work independently and in a team-oriented and collaborative environment
  • Ability to build relationships with stakeholders and facilitate effective discussions with people at all levels

Terms of Employment

The level of appointment will be commensurate with qualifications and experience.

How to Apply

Please submit your resume with expected salary by clicking the Apply Now button.

 

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.
