The Hong Kong Jockey Club

Deputy Executive Manager, Cyber Risk Mitigation and Controls Implementation

Hong Kong

13 days ago

Summary

The Department

The Cyber Security Department is responsible for enhancing the resiliency of the Club's information, information systems and network infrastructure, as well as identifying security threats and vulnerabilities and effectively managing the risks. The team also works to ensure the Club's conformance to local cyber laws and regulations.

The Job

You will:

  • Develop and implement advanced risk mitigation strategies based on identified cyber risks


Expected Outcome: Effective risk mitigation strategies are in place, reducing the Club's exposure to cyber threats. The Club's information security posture is strengthened, leading to fewer security incidents and ensuring compliance with relevant industry standards

  • Oversee the implementation of sophisticated security measures, policies, and procedures to protect the Club’s information assets


Expected Outcome: Robust security measures, policies, and procedures are successfully implemented, ensuring the Club’s information assets are protected from unauthorized access, breaches, and other cyber threats. Compliance with best practices and regulatory requirements is maintained

  • Continuously monitor and evaluate the effectiveness of cyber risk mitigation efforts and report to senior management and the board of management


Expected Outcome: Regular reports are provided to senior management and the board, demonstrating the effectiveness of current risk mitigation efforts. Continuous improvements are made based on feedback and evolving threats, ensuring the Club's cyber resilience is up to date

  • Provide assistance and collaborate with other teams to foster a culture of advanced security awareness among employees.


Expected Outcome: A strong culture of cybersecurity awareness is established across the organization, leading to reduced human error and increased vigilance against cyber threats. Employees are well-informed and proactive in safeguarding the Club's information assets

  • Collaborate with internal and external auditors to facilitate security audits and assessments, covering cybersecurity


Expected Outcome: Security audits and assessments are successfully completed, with minimal findings or issues. Recommendations from auditors are promptly addressed, and the Club consistently demonstrates strong cybersecurity practices

  • Stay at the forefront of emerging cyber security technology trends


Expected Outcome: The Club remains ahead of emerging cyber threats by adopting cutting-edge security technologies and practices. This allows for proactive defences, minimizing the risk of falling victim to newly evolving cyber-attacks

  • Evaluate the applicability and potential benefits of emerging technologies for the Club and make strategic recommendations for adoption


Expected Outcome: Strategic recommendations are made for adopting emerging technologies that enhance the Club’s security infrastructure, operational efficiency, and competitiveness. The Club leverages the most suitable innovations to improve its overall cybersecurity framework

About You

You should have:

  • Degree in Computer Science, Information Technology, Cybersecurity, or a related discipline. A relevant master’s degree is a plus
  • 10+ years of experience in cybersecurity, IT risk management, or a related field, with a minimum of 5 years in a leadership role
  • Proven experience in developing and implementing cyber risk mitigation strategies and cybersecurity frameworks that align with enterprise risk management
  • Strong technical expertise in security controls, incident response, and remediation strategies, with hands-on experience in deploying and monitoring security measures
  • Experience in IT and cybersecurity audits and assessments, including working with internal audit teams and external auditors to identify gaps and ensure compliance with regulatory and industry standards
  • In-depth knowledge of cybersecurity standards and frameworks such as NIST, ISO 27001, COBIT, and CIS Controls
  • Experience working with 2nd and 3rd Lines of Defense teams, supporting cybersecurity audits, assessments, and compliance initiatives
  • Familiarity with emerging cybersecurity technologies and the ability to assess their impact on the organization
  • Proven leadership and team development experience, with a demonstrated ability to mentor and lead high-performing teams
  • Strong experience in stakeholder management and the ability to communicate cybersecurity risks and strategies effectively to executive leadership and board members
  • Certifications such as CISSP, CISM, CRISC, or equivalent are highly desirable
  • Strong knowledge of ISMS and major security frameworks (ISO 27000, ISO 31000, NIST, COBIT)
  • Experience in audit control frameworks, ITGCs, and cybersecurity risk across infrastructure, cloud, and applications
  • Solid IT background in enterprise networking, operating systems, and database security controls
  • Proficient in DevSecOps, cloud security, PII protection, GDPR, and cybersecurity laws
  • Skilled in problem-solving, risk management, and mitigating complex risks
  • Proven ability to manage multiple tasks efficiently and meet deadlines
  • Strong leadership, negotiation, and communication skills for diverse audiences
  • Experienced in collaborating with senior colleagues on cyber risk strategies
  • Contributed to governance and risk management at the executive level


Terms of Employment

The level of appointment will be commensurate with qualification and experience.

Enquiries

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.
