Technical Manager, IT Risk and Controls

The Hong Kong Jockey Club

Founded in 1884, The Hong Kong Jockey Club (“the Club”) is a world-class racing club that acts continuously for the betterment of our society. The Club has a unique integrated business model, comprising racing and racecourse entertainment, a membership club, responsible sports wagering and lottery, and charities and community contribution. Through this model, the Club generates economic and social value for the community and supports the HKSAR Government in combatting illegal gambling.

Who are we?

We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.

Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.

What do we do?

We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.

We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.

The Department

The objectives of the IT Risk & Controls Department are to establish and maintain a robust risk management methodology that effectively identifies, assesses, and mitigates risks related to IT processes and technology. The department ensures that the Club’s IT risk posture is accurately reported and that operations remain within the defined risk appetite, thereby enhancing operational integrity and resilience. By aligning its risk management approach with the Enterprise Risk Management Framework and the Technology Risk Management Framework, and by working closely with business units, the department promotes accountability and transparency across both IT and business functions.

Job Summary

Are you a tech-savvy problem solver who loves building structure without stifling creativity? Do you enjoy finding smarter ways to manage risk so technology teams can move faster? We’re looking for a Manager, IT Risk & Controls to join our First Line of Defence ITRC Team. In this role, you won’t just be checking boxes—you’ll empower developers, operations, and data experts to build resilient systems with confidence. You’ll champion the IT Risk Management Methodology (ITRMM) as a practical toolkit for delivering better, safer technology, working hands-on with the people building it.

What You'll Do

You’ll work side-by-side with software engineers and architects to embed risk intelligence into the SDLC. Instead of waiting for issues, you’ll help teams shift left—building quality and security from the first line of code. You’ll find creative ways to automate control testing, helping engineers deploy faster with fewer roadblocks.

In IT Operations, you’ll dig into incident, change, and disaster recovery data to uncover patterns and design practical solutions that prevent disruptions. You’ll reimagine repetitive manual tasks as automated workflows, making operations more resilient and less toil-intensive.

With data teams, you’ll navigate the complexities of Data Management—helping unlock value while building sensible, user-friendly controls around governance, lineage, and privacy. You’ll be a trusted voice for ethical innovation, ensuring data initiatives are built on trust.

You’ll take custodianship of our GRC tool, transforming it from a static repository into a dynamic dashboard that brings our IT risk story to life. You’ll translate raw data into clear, visual insights for stakeholders and bridge technical complexity with business priorities—turning vulnerabilities into business impact and helping management see risk as something to manage, not fear.

What Success Looks Like (In Your First Year)

Within your first year, you’ll help redesign a major control process, reducing manual effort for engineering. You’ll build a visual risk dashboard that enables faster, more informed leadership decisions. And you’ll become the go-to advisor for a product team, helping them launch a new feature with controls that are robust enough to protect, yet flexible enough to enable.

Who You Are

You’re a curious, pragmatic professional who loves understanding how technology works and how to improve it. You’re not just a risk manager—you’re a builder who enjoys creating solutions. Ideally, you have experience in a couple of technology domains like SDLC, Data, ITIL, or Cyber, but you don’t need to be an expert.

You speak the language of developers, operations leads, and data analysts. You can hold your own on CI/CD pipelines, ITIL change management, and data normalisation. You understand sprint pressure and know where risks hide in Agile and DevOps. You appreciate well-run ITIL processes and are excited by automation and AIOps. You care about data quality and are genuinely interested in data privacy challenges in modern architecture.

You’re a translator—able to explain technical vulnerabilities in business terms and turn business requirements into practical control objectives. You’re comfortable with GRC tools and see them as a way to create clarity from complexity. Most importantly, you’re hands-on, creative, and always looking for a smarter way to get things done—while keeping the team’s goals front and centre.

Apply Now!

We offer competitive salary and benefits packages, a dynamic working environment and development opportunities.

Add horsepower to your career today. Click the “Apply Now” button to create an account and submit your application.

Equal Opportunity and Inclusive Hiring

We are an equal opportunity employer and strive to create an inclusive workplace for all. Applicants from diverse backgrounds are welcomed to apply. If you have any special needs or require accommodations during the interview process, please e-mail us via careers@hkjc.org.hk. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and job applicants relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.