The Department
Security, Integrity and Information Security (SIIS) is responsible for the preservation of integrity by combatting criminality and corruption risks that can threaten horse racing, betting, and membership at the Club. The maintenance of a secure environment and integrity is key to our business. Not only is it important to ensure horse racing in Hong Kong is fair, it is also of paramount importance to the Club that there are governance and fair opportunities in all bet-placements. The department consists of the Corporate Security, Racing Security & Integrity Assurance, Integrity & Financial Crime Risk (FCR) and Information Security Risk and Assurance (ISRA) teams.
The Deputy Executive Manager, Information Security Risk & Assurance will take responsibility for managing information security assurance and technology risk management programmes. You will report to the Executive Manager, Information Security Risk & Assurance.
You will be a key member involved in uplifting the Club’s information security assurance and technology risk reduction as a second line of defence. This role will be accountable for developing information security policies, managing compliance against the policies, maintaining the technology risk management framework and managing control testing against technology and cyber risks.
As the deputy lead of the Information Security Risk and Assurance (ISRA) Department, be prepared to attend and contribute to joint planning workshops, work with the team lead in directing departmental resources, manage internal staff and/or professional services, and inspire a culture of risk management through governance forums and risk champions.
The Job
You will:
- Coordinate information security and technology risk improvement initiatives of the Club.
- Support management committees in information security and technology risk.
- Develop and maintain information security policies that are in line with international best practice such as ISO27001 and NIST standards.
- Develop and maintain a technology risk management framework that is in line with international best practice such as COBIT.
- Support a programme of works to improve information security and technology risk postures, including the Organizational Design, Technology and Processes required that are both feasible and suitable for the Club.
- Identify top information security and technology risks for the Club and monitor changes in their risk posture based on KRIs/KCIs and other metrics.
- Design and execute control testing to test the design and operating effectiveness of controls on a regular basis.
- Monitor and aggregate technology risk and facilitate the definition of the Club's technology risk appetite and tolerance.
About You
You should have:
- Degree qualification in Engineering, Computer Science or relevant disciplines
- Minimum 15 years of work experience in information security and technology risk management
- Knowledge in international technology control standards such as ITIL, COBIT, ISO27K series and NIST series
- Considerable knowledge and experience in second line of defence functions
- Technical knowledge and experience in designing and operating cybersecurity controls
- Strong presentation skills for broad audiences and senior management
- Solid organisation, problem solving and analytical skills with the ability to work under pressure and set the right priorities to deliver results on time
- Ability to build relationships with stakeholders and facilitate effective discussions with people at all levels
- Self-motivated and able to drive large-scale programmes, maintain the highest standards of conduct and integrity, and ensure compliance with accepted industry practices, company policies and regulatory requirements
- Industry-recognised certification in information security, risk management or equivalent experience (CISA, CISM, CISSP, CRISC, ISO27000, ISO31000 etc.)
Terms of Employment
The level of appointment will be commensurate with qualification and experience.
Enquiries
We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.