Senior Technical Manager (Information Security) (Ref: 20004917)
The Hong Kong Jockey Club
Hong Kong

The Department

The Information Security Department of the Information Technology and Sustainability Division works to protect the reputation and enhance operational resiliency of the Hong Kong Jockey Club by ensuring the availability, integrity, and confidentiality of the Club's communications and network infrastructure, application systems and data.

You will :

  • Maintain the operational effectiveness of the services offered by the Club’s Cyber Defence Platform and advise on changes affecting the Club's cybersecurity posture.
  • Lead and develop the capabilities of the Club’s information security analysts to ensure the Cyber Defence Platform is adequately staffed and fit for purpose.
  • Manage IT Security’s response to breaches and assist with containing any adverse situations.
  • Develop and maintain and cybersecurity forensic and investigation capacity in order to understand and reduce the recurrence of similar incidents
  • Produce monthly reports on Key Risk Indicators (KRIs) relating to the Club’s Cyber Defences and work with the Executive Manager for Cyber Operations and Defence to prioritise improvements in the Club’s Cyber Defence posture.
  • Maintain and good understanding new cyber defence technology and work with the Executive Manger for Cyber Operations and Defence to determine how it can integrated into the Cyber Defence Platform
  • Evaluate the security properties new technologies to ensure they are technically viable within the Club’s business operations environment.
  • You should have :

  • A university degree with strong technical background, particularly in Information Technology, security, application development and / or networking
  • At least 10 to 15 years of work experience in technical IT roles, with at least 5 years’ hands-on experience in enterprise security infrastructure and security operations centres.
  • Experience managing the necessary resources, including leadership support and key security personnel, to support the goals and objectives of a cyber defence capability
  • Experience with vulnerability assessments - scanning the environment, generating reports and engaging with system owners and stakeholders to make certain that any observed vulnerabilities or security concerns are addressed / remediated.
  • Experience with collecting and maintaining data needed to meet system cybersecurity reporting requirements
  • Experience performing analysis with Security Data Analytic technology such as SIEM, UEBA, ELK, SOAR
  • Proficient in English, Chinese and Cantonese, in both spoken and written. Working knowledge in Putonghua will have an advantage
  • Strong writing, communication and presentation skills
  • Well organised and is able closely follow up per check point on implementation timeline
  • Ability to work in cross teams
  • Ability to determine how security systems should work and how changes in conditions, operations, or the environment will affect these outcomes.
  • Ability to evaluate the trustworthiness of the supplier and / or product.
  • Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
  • Ability to integrate information security capability into the transition to operations process; using applicable controls defined by security architecture and risk process
  • Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
  • Able to implement and manage vulnerabilities scanning regimes on different network segment.
  • Able to identify gaps / weaknesses in SOC monitoring capability by mapping detection rules, e.g. SIEM use cases, Carbon Black watch lists, Darktrace models, AD monitoring and Firewall policy
  • Knowledge of incident response methodologies, security issues, vulnerabilities, exploits and security standards that may impact information security
  • Hands-on experiences to PC endpoint whitelisting, Web Isolation and / or MSS handling would be advantageous
  • Strong understanding of networking protocols, operating systems and cyber security concepts and technologies
  • Terms of Employment

    The level of appointment will be commensurate with qualifications and experience. A contract employment will be offered to the successful candidate.

    Contract renewal will be subject to mutual agreement between the Club and the individual.


    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    通過點擊“持續”,我允許neuvoo同意處理我的數據並向我發送電子郵件提醒,詳見neuvoo的 隱私政策 。我可以隨時撤回我的同意或退訂。