Technical Manager (Cyber Risk and Compliance) (IS - B2) (Ref: 20006109)
The Hong Kong Jockey Club
Hong Kong

The Department

The Information Security Department of the Information Technology and Sustainability Division works to protect the reputation and enhance operational resiliency of the Hong Kong Jockey Club by ensuring the availability, integrity, and confidentiality of the Club's communications and network infrastructure, application systems and data.

The Job

  • Support and drive security management’s directives in order of priority.
  • Enhance current practices for mitigating cyber risks and establishing a risk framework.
  • Align risk appetite and fine-tune processes necessary within the business.
  • Support and conduct security compliance and governance exercises and awareness refresher programmes.
  • Follow and execute risk management practices with Risk Registers, Issue Management, Risk & Controls Library, Impact Thresholds, Risk Reporting, Controls Testing, and Security Governance.
  • Assess risks in IT and business projects and activities based on policy, standards, technology compliance requirements and best practices.
  • Ensure security measures are properly adopted for risk mitigation.
  • Ensure risk exceptions and acceptances are well governed, validated in a timely manner and properly escalated.
  • Prepare reporting to senior management on the current security posture.
  • Contribute to third-party risk management, and engage with and manage audit activities.

About You

  • University degree or above in IT, Management Information System, cybersecurity and / or risk compliance.
  • At least 5 years of experience in IT technical roles and audit, and 3 years of hands-on experience in technology risk assessment and security compliance.
  • Knowledge of ISMS, ISO27000, ISO31000 and other major information security frameworks / practices, e.g. NIST, COBIT.
  • Strong knowledge of Audit control framework, IT general controls, Cybersecurity Risk, Tech Risk (including infrastructure, cloud and applications security).
  • IT background with operations, enterprise networking, operating systems and database security risk controls.
  • Sound skills across DevSecOps, cloud security, PII, GDPR, and cyber security laws in China.
  • Strong problem-solving, risk management and analytical skills.
  • Strong interpersonal, management, negotiation and presentation skills.
  • CISA, CISSP, CRISC or equivalent is preferable.
  • Experience in adopting risk-based assessment methodologies and engaging audit counterparts.
  • Experience in performing risk assessment and evaluation.
  • Experience in reporting the most significant risks to the business, tailored to IT and business stakeholders.
  • Competent consulting background in IT, Cyber Security and / or IT Audit and Control Compliance.
  • Competency in interacting with seasoned colleagues on the Technology and Cybersecurity Risk, Audit and Compliance agenda.
  • Experience in building and promoting risk awareness amongst IT and business staff by providing support and training within the company.
  • Effectively manage multiple priorities, work independently and in a team-oriented and collaborative environment.
  • An aptitude for technical writing e.g. assessment reports, presentations, management dashboard and risk indicators / metrics.

Terms of Employment

The level of appointment will be commensurate with qualifications and experience.