Technical Manager - Cyber Risk Mitigation and Controls Implementation
The Department
The Cyber Security Department is responsible for enhancing the resiliency of the Club's information, information systems and network infrastructure, as well as identifying security threats and vulnerabilities and effectively managing the risks. The team also works to ensure the Club's conformance to local cyber laws and regulations.
The Job
You will:
- Assist in developing and implementing strategies to reduce cyber risks by identifying and addressing root causes
- Continuously monitor and track the effectiveness of implemented security controls. Identify vulnerabilities and areas for improvement
- Ensure that security measures, policies, and procedures are adequately implemented to protect information and assets while complying with applicable regulations, policies, and standards
- Monitor and support the investigation of cyber security incidents, assist in reducing their impact, and ensure corrective actions prevent future occurrences
- Engage with internal and external stakeholders to support cyber security assessments and audits. Provide guidance to address gaps and ensure recommended improvements are implemented
- Collaborate with the Cyber Risk Governance team to develop and deliver training programs to enhance understanding of security measures and individual responsibilities
- Work with senior leadership and business units to communicate the importance of cyber security risk management. Build and maintain strong relationships with internal and external stakeholders
- Stay informed about emerging cybersecurity technologies and trends. Evaluate their applicability to the organization and recommend adoption where appropriate
About You
You should have:
- Degree qualification in Computer Science or relevant disciplines
- Strong experience in technology, cyber risk management, or IT audit
- Good skills in presenting to a broad audience and senior management
- Minimum 6 years of work experience in cyber security, information security, technology audit, or technology risk management
- Ability to build relationships with stakeholders and facilitate effective discussions at all levels
- CRISC, CISSP or equivalent is preferable
- Ability to manage multiple priorities and to work both independently and in a collaborative environment
- Aptitude for technical writing (e.g., assessment reports, presentations, management dashboards, and risk indicators/metrics)
- Familiarity with ISMS, ISO 27000, ISO 31000, and major information security frameworks such as NIST and COBIT
- Proficient in control frameworks, IT general controls, and understanding of cybersecurity and technology risks, including infrastructure, cloud, and application security
- Strong foundation in operations, enterprise networking, operating systems, and database security risk controls
- Excellent problem-solving, risk management, and analytical abilities
- Capable of effectively managing multiple priorities
- Strong interpersonal, management, negotiation, and presentation capabilities
- Ability to contribute to effective governance at the management level
Terms of Employment
The level of appointment will be commensurate with qualification and experience.
Enquiries
We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.