Technical Manager - IT Risk Register and Metric

The Job

You will:

1. Support EM ITRG to implement the IT Risk Register within the IT Division, including:

• Continuously updating the control library and risk register

• Supporting DEM ITRG in recording the remediation effort and status of identified control deficiencies, reporting updates on the control assessment result and dashboard on control effectiveness and progress of improvement program

• Assist DEM ITRG to control assessments of third-party suppliers and record findings in the Risk Register

• Generate a Risk Dashboard from the risk register that illustrates the KRIs

2. Support the IT Audit and Control Oversight team to assess key operational controls and record results in the risk register

3. Supporting the EM ITRG to ensure the incident management process

• Root cause analysis of material incidents is conducted

• Assess if there are control deficiencies or effectiveness that led to incidents and record accordingly into the risk register

About you

You should have:

• Bachelor's Degree (preferred) in relevant risk management disciplines (e.g., Operational Risk management within an IT department or organisation, Information Security, IT Risk Management)

• Professional risk management certification (e.g., ISO 31000) and /or industry body affiliation is an advantage

• Experienced in implementing and running an Operational Risk Management function within an IT Division or organisation

• Proven track record implementing and administering the IT Risk Register

• 3+ years of experience in enacting the first line of defence IT operational risk role and responsibilities

• Capable of understanding the Club's unique nature and culture in terms of Risk Management

• Capable of assessing and quantifying technology and operational risks, assessing mitigation measures and providing practical recommendations on risk mitigation controls when needed

• Understand industry best practices and trends on IT standards, governance, risk, and internal control

• Experience in the implementation and maintenance of the Risk Register

• Experience in maintaining Risk Register and providing support on risk dashboard generation

• A good understanding of business and product knowledge of the Club and the business strategies, priorities, risks and controls in his/her core or functional area of responsibility

• Technically astute and good analytical and decision-making ability

• Good communication and report-writing skills in English

• Good communication skills

• High professional and ethical standards

• Good relationship management skills

• Manage/handle multiple tasks, and work under pressure and with conflicting priorities

• Proactive with high levels of initiative

Terms of Employment

The level of appointment will be commensurate with qualifications and experience.

Enquiries

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.