The Information Security Department of the Information Technology and Sustainability Division works to protect the reputation and enhance operational resiliency of the Hong Kong Jockey Club by ensuring the availability, integrity, and confidentiality of the Club's communications and network infrastructure, application systems and data.
You will :
Maintain the operational effectiveness of the services offered by the Club’s Cyber Defence Platform and advise on changes affecting the Club's cybersecurity posture.
Lead and develop the capabilities of the Club’s information security analysts to ensure the Cyber Defence Platform is adequately staffed and fit for purpose.
Manage IT Security’s response to breaches and assist with containing any adverse situations.
Develop and maintain and cybersecurity forensic and investigation capacity in order to understand and reduce the recurrence of similar incidents
Produce monthly reports on Key Risk Indicators (KRIs) relating to the Club’s Cyber Defences and work with the Executive Manager for Cyber Operations and Defence to prioritise improvements in the Club’s Cyber Defence posture.
Maintain and good understanding new cyber defence technology and work with the Executive Manger for Cyber Operations and Defence to determine how it can integrated into the Cyber Defence Platform
Evaluate the security properties new technologies to ensure they are technically viable within the Club’s business operations environment.
You should have :
A university degree with strong technical background, particularly in Information Technology, security, application development and / or networking
At least 10 to 15 years of work experience in technical IT roles, with at least 5 years’ hands-on experience in enterprise security infrastructure and security operations centres.
Experience managing the necessary resources, including leadership support and key security personnel, to support the goals and objectives of a cyber defence capability
Experience with vulnerability assessments - scanning the environment, generating reports and engaging with system owners and stakeholders to make certain that any observed vulnerabilities or security concerns are addressed / remediated.
Experience with collecting and maintaining data needed to meet system cybersecurity reporting requirements
Experience performing analysis with Security Data Analytic technology such as SIEM, UEBA, ELK, SOAR
Proficient in English, Chinese and Cantonese, in both spoken and written. Working knowledge in Putonghua will have an advantage
Strong writing, communication and presentation skills
Well organised and is able closely follow up per check point on implementation timeline
Ability to work in cross teams
Ability to determine how security systems should work and how changes in conditions, operations, or the environment will affect these outcomes.
Ability to evaluate the trustworthiness of the supplier and / or product.
Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
Ability to integrate information security capability into the transition to operations process; using applicable controls defined by security architecture and risk process
Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
Able to implement and manage vulnerabilities scanning regimes on different network segment.
Able to identify gaps / weaknesses in SOC monitoring capability by mapping detection rules, e.g. SIEM use cases, Carbon Black watch lists, Darktrace models, AD monitoring and Firewall policy
Knowledge of incident response methodologies, security issues, vulnerabilities, exploits and security standards that may impact information security
Hands-on experiences to PC endpoint whitelisting, Web Isolation and / or MSS handling would be advantageous
Strong understanding of networking protocols, operating systems and cyber security concepts and technologies
Terms of Employment
The level of appointment will be commensurate with qualifications and experience. A contract employment will be offered to the successful candidate.
Contract renewal will be subject to mutual agreement between the Club and the individual.