The Information Security (IS) Department of the Information Technology and Sustainability Division works to protect the reputation and enhance operational resiliency of the Hong Kong Jockey Club (HKJC) by ensuring the availability, integrity, and confidentiality of the Club's communications and network infrastructure, application systems and data.
You will:
Enhance current risk practices and the establishment of a risk framework
Align risk appetite and the required processes within the business
Develop risk management practices and create risk registers
Conduct risk assessments to estimate the risks affecting the organization
Identify and capture risks and exceptions and subsequently monitor, track and manage them
Promote security awareness with risk culture mentality
Manage Risk & Controls Library, Impact Thresholds, Risk Reporting and Controls Testing
Inform technology risk and compliance requirements across Technology and the businesses
Support projects and non-project activities (e.g. Vulnerability Management prioritization)
Establish Third-Party Risk Management capabilities
Coordinate and collaborate with internal audit, external audit and IT teams, and track audit issues when applicable
You should have:
A university degree in Engineering, Computer Science, or related disciplines
5 to 8 years of relevant information security / IT audit working experience, especially in the Technology Risk security space
Experience with risk-based assessment methodologies
Professional security qualifications (CISA, CISSP, CRISC etc.) are preferred
Sound knowledge of regulatory compliance practices, standards and methodology
Knowledge of processes and standards, e.g. ISO27000, 31000, NISA, COBIT etc.
Strong knowledge of Audit control framework, IT general controls, Cybersecurity Risk, Tech Risk (including infrastructure, cloud and applications security)
Strong knowledge base in operations, enterprise networking, operating systems and database security risk controls
Working knowledge of cybersecurity risk, tech risk and controls
Broad security and technology knowledge including DevOps and cloud infrastructure and IT general controls
Knowledge of ISMS, ISO27000, ISO31000 and other major information security frameworks / practices, e.g. NISA, COBIT etc.
Familiarity with audit engagements and a consulting background in IT / Security / IT Audit, compliance is preferable
Strong interpersonal, management, negotiation and presentation skills
Ability to work independently and in a team-oriented, collaborative environment
An aptitude for technical writing, including assessment reports, presentations, and policies, standards and procedures
Detail-oriented, with a strong commitment to excellence
Good written and spoken communication skills in English, Chinese and Cantonese, with good presentation skills
Terms of Employment
The level of appointment will be commensurate with qualifications and experience. An initial contract employment will be offered to the successful candidate subject to mutual agreement between the Club and the individual.