Technical Lead (Tech/Cyber Risk and Compliance) (Ref: 20004890)
The Hong Kong Jockey Club
Hong Kong

The Department

The Information Security (IS) Department of the Information Technology and Sustainability Division works to protect the reputation and enhance operational resiliency of the Hong Kong Jockey Club (HKJC) by ensuring the availability, integrity, and confidentiality of the Club's communications and network infrastructure, application systems and data.

You will:

  • Enhance current risk practices and the establishment of a risk framework
  • Align risk appetite and the required processes within the business
  • Develop risk management practices and create risk registers
  • Conduct risk assessments that estimate the risks affecting the organization
  • Identify and capture risks and exceptions and subsequently monitor, track and manage them
  • Promote security awareness with a risk-culture mentality
  • Manage Risk & Controls Library, Impact Thresholds, Risk Reporting and Controls Testing
  • Inform technology risk and compliance requirements across Technology and the businesses
  • Support projects and non-project activities (e.g. Vulnerability Management prioritization)
  • Establish Third-Party Risk Management capabilities
  • Coordinate and collaborate with internal and external audit and the IT team, and track audit issues when applicable

You should have:

  • A university degree in Engineering, Computer Science, or related disciplines
  • 5 to 8 years of relevant working experience in information security or IT audit, especially in the Technology Risk security space
  • Experience with risk-based assessment methodologies
  • Professional security qualifications (CISA, CISSP, CRISC etc.) are preferred
  • Sound knowledge of regulatory compliance practices, standards and methodology
  • Knowledge of processes and standards, e.g. ISO27000, 31000, NISA, COBIT etc.
  • Strong knowledge of Audit control framework, IT general controls, Cybersecurity Risk, Tech Risk (including infrastructure, cloud and applications security)
  • Strong knowledge base in operations, enterprise networking, operating systems and database security risk controls
  • Working knowledge of cybersecurity risk, tech risk and controls
  • Broad security and technology knowledge including DevOps and cloud infrastructure and IT general controls
  • Knowledge of ISMS, ISO27000, ISO31000 and other major information security frameworks / Practices e.g. NISA, COBIT etc.
  • Familiarity with audit engagement, and a consulting background in IT / Security / IT Audit or compliance, are preferable
  • Strong interpersonal, management, negotiation and presentation skills
  • Ability to work independently and in a team-oriented, collaborative environment
  • An aptitude for technical writing, including assessment reports, presentations, and policies, standards and procedures
  • Detail-oriented, with a strong commitment to excellence
  • Good communication skills in English, Chinese and Cantonese, both written and spoken, with good presentation skills

Terms of Employment

The level of appointment will be commensurate with qualifications and experience. An initial contract employment will be offered to the successful candidate subject to mutual agreement between the Club and the individual.

