Technical Manager (Information Security) (IS - SP13) (Ref: 20006436)
The Hong Kong Jockey Club
Hong Kong

The Department

The Information Security Department of the Information Technology and Sustainability Division works to protect the reputation and enhance operational resiliency of the Hong Kong Jockey Club by ensuring the availability, integrity, and confidentiality of the Club's communications and network infrastructure, application systems and data.

The Job

  • Work with assigned Project Manager and Tech Lead to ensure security is built into solutions from the start of the project.
  • To recommend, evaluate and implement IS controls and technical capabilities, ensuring initiatives get completed on time and budget.

  • Support the process of selecting and reviewing of information security solutions.
  • Conduct technical studies, and provide technical recommendations in design, development and system integration. Implement assigned security initiatives and prepare necessary documentation in order to ensure compliance to the project development lifecycle, and getting endorsement from IT governance board and technical groups.
  • Support the implementation of the security training awareness program within the organization.
  • Make decision and solve technical problems to provide an efficient environment for project implementation.
  • Support the Risk Team in performing information security risk assessment and be the technical advisory for assigned project areas to ensure compliance to HKJC IS policy, standards and practices, as well as mitigation of all identified risks.
  • Provide technical support in security log, feeds and raw source into SIEM for data security analytics.
  • Enable dashboards for monitoring security information for the management and Cyber Security Operations team, to be able to provide various degree of visibility both real-time and over extended periods of the security events within the environment.
  • Support in compiling and producing reports on monthly issues and trends for the enhancement of the functions of the Enterprise Security and Support management.
  • Recommend and execute ideas to improve processes based on lessons learnt over time in performing assigned duties.
  • Carry out other enterprise security and support duties that may be assigned by management.
  • About You

  • A university degree with strong technical background, particularly in Information Technology, Information Security, application security / development and / or networking.
  • 5 to 8+ years’ experience working in technical IT roles, with at least 3 years’ hands-on experience in enterprise security infrastructure, IS risk assessments or testing.
  • A CISSP, GIAC, CEH or equivalent certification will be advantageous.
  • Good knowledge of various database types and technologies, in particular Oracle and MSQL databases,
  • Deep understanding of database encryption technologies, database proxies, secure protocols etc.
  • Deep understanding of security threats with respect to SQL injection attacks, virtual private databases and database auditing, searchable encryption,
  • Able to implement security solutions such as Demisto, Splunk, ELK, Carbon Black, Darktrace, ALSID and / or Tufin.
  • Good design and solution knowledge of Certificate Authority and PKI infrastructure and operations.
  • Vendor engagement in designing e-Learning security awareness content and programme driver.
  • Knowledge of incident response methodologies, security issues, vulnerabilities, exploits and security standards that may impact information security.
  • Hands-on experiences to PC endpoint whitelisting, Web Isolation and / or MSS handling.
  • Good working knowledge of various flavours of Windows and Linux, OS configuration, file system structures, OS components, mobile operating systems, etc.
  • Strong understanding of security principles, policies, and industry best practices.
  • Good knowledge and experience of Database Security, Data Protection, Database Encryption technologies, Data Flow Mapping etc.
  • Experience in implementing cyber security controls and / or compliance systems relevant to Governance, Risk and Compliance platforms, Data Loss Prevention, Threat Intelligence and / or Firewall Management.
  • Experience in third party assurance and vendor engagement
  • Experience in secure network infrastructure, Anti-DDoS, NG Firewall, IDS / IPS, WAF, Secure MTA, Load Balancer, Internet Proxy, as well as DNS hosting.
  • Networking knowledge of networking essentials, architecture, ports, and protocols, wireless, etc.
  • Promote security awareness and adoption of security standards and practices to staff members.
  • Terms of Employment

    The level of appointment will be commensurate with qualifications and experience. A contract employment will be offered to the successful candidate.

    Contract renewal will be subject to mutual agreement between the Club and the individual.


    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    通過點擊“繼續”,我允許neuvoo同意處理我的數據並向我發送電子郵件提醒,詳見neuvoo的 隱私政策 。我可以隨時撤回我的同意或退訂。