The Information Security Department of the Information Technology and Sustainability Division works to protect the reputation and enhance operational resiliency of the Hong Kong Jockey Club by ensuring the availability, integrity, and confidentiality of the Club's communications and network infrastructure, application systems and data.
You will :
Contribute / lead to Identity and Access Management (IAM) engagements to design and implement target processes of user’s management.
Provide functional expertise to define IAM solutions that meet the needs of business and operations.
Work with assigned Project Manager to drive small- to mid-size IS initiatives to evaluate, acquire and deploy new IS technologies and capabilities, and ensure initiatives get completed on time and budget.
Responsible for analysing and documenting business requirements, communicate and explain them effectively to all departments involved in the projects.
Lead technical subordinates to support IAM work-streams across various technology of federation, SSO and MFA authentication, workflow engine, IAM system integration including cloud-based applications, approval hierarchy, LDAP / AD, system upgrade and digital certificate management.
Perform information security risk assessment and technical advisory for assigned project areas to ensure compliance to HKJC IS policy, standards and practices, as well as mitigation of all identified risks.
You should have :
University degree or above in IT, Management Information System or cybersecurity.
5 to 8 years’ experience working in technical IT roles, with at least 3 years’ hands-on experience in enterprise identity and access management system, single sign on authentication, and security infrastructure.
Experience with security reverse proxy, federation gateway, policy and session server, workflow engine system and LDAP and Active Directory.
Experience performing identity access analysis with Security Data Analytic technology on SIEM, especially Splunk and / or ELK.
Experience in multi-factor authentication, secure adaptive and contextual control for strong authentication on account and device identity.
Strong understanding of networking protocols, operating systems and cyber security concepts and technologies.
Promote privileged account management and user account and access review recertification champion and adoption of security standards and practices to business stakeholders.
A CISSP, CISA or equivalent certification is preferable.
Knowledge of installation, integration and deployment of one of the following IAM products : SailPoint, CyberArk, ForgeRock, and similar products in a client environment.
Good knowledge of best practices in IAM systems design and maintenance.
Experience with role mining, role based access control and access certification with IAM products.
Able to support single sign on, ADFS & SAML federation, directory schema, namespace and replication topology, resource provisioning, identity & access governance including role based access control, access request, and certification.
Able to integrate one of the cloud IDPs e.g. Cloudflare, Okta, Pingidentity, and OneLogin with SaaS providers, Azure and AWS platforms.
Knowledge of security testing and incident response and handling for system urgent issues or faults.
Good working knowledge of Windows, Linux, OSX and mobile operating systems.
Terms of Employment
The level of appointment will be commensurate with qualifications and experience. A contract employment will be offered to the successful candidate.
Contract renewal will be subject to mutual agreement between the Club and the individual.