The Hong Kong Jockey Club

Deputy Executive Manager, Security Architecture

Hong Kong


Summary

The Department

The Cyber Security Department is responsible for enhancing the resiliency of the Club's information, information systems and network infrastructure, as well as identifying security threats and vulnerabilities and effectively managing the risks. The team also works to ensure the Club's conformance to local cyber laws and regulations.

The Job

You will:

  • Develop, maintain, and own cyber security architecture patterns and design standards, using industry references and best practices (NIST, CIS, ISO, MITRE, OWASP, etc.), addressing the what, why, how, who, when, and where
  • Develop, maintain, and own the cyber threat modelling framework and apply it in conjunction with the risk management framework, risk assessment, and compliance with cybersecurity policies and standards
  • Ensure that coverage of cyber architecture patterns and design standards, and the associated support, extends to the current IT and cyber portfolio as a priority. In addition, based on demand and established priority, ensure support for evolving and emerging technologies such as multi, hybrid, public, and private clouds, Gen AI, DLTs, and Quantum resistance
  • Develop and maintain NFRs and provide the required cyber architecture, design, and delivery support to the strategic business initiatives to complement their business functional requirements
  • Work alongside PMO, delivery and BAU teams to establish project plans with scope, dependencies, constraints, timeframe, and including established BAU acceptance criteria, for club-wide cyber initiatives funded by CS, based on priorities, funding, and resourcing, and maintain a diligent focus on execution
  • Conduct regular information-sharing sessions across management teams, independent of specific project deliverables, and with a focus on cyber architecture, design, product capabilities, people skills, and process maturity to seek feedback for continuous improvement
  • Strive for product integration and consolidation, with immediate tactical steps and a medium- to longer-term approach, whilst articulating its rationale. Ensure rigorous competitive analysis and technical evaluations, and assess vendor stability, professional services and support capabilities
  • Mentor cyber design, delivery, and operational (BAU) teams. Remain up-to-date on evolving and emerging technologies. Distill hype (snake oil) across all cyber technologies. Excel in thought leadership as well as programme, project management, and people management across cross-functional teams across the Club


About You

You should have:

  • Deep expertise and knowledge of the Security Domain with 10+ years of experience
  • At least 4+ years of experience leading Security Architecture for a technology-focused organization
  • Degree holder or Post-Graduate qualification in IT-related disciplines
  • Sound knowledge and understanding of the latest security tools, security design methodologies, architecture frameworks and security risk assessment methods
  • Relevant professional certifications (such as CISSP, CISM, GSE, or other equivalent) preferred
  • Ability to speak English with good communication skills. Cantonese would be an advantage
  • Able to accept technical challenges involved with defining the future of security
  • A passion for educating and working with diverse technical teams
  • Experience in security technologies including cloud, web application security, anti-bot solutions, WAF, application layer firewalls, IDS/IPS, SIEM, stateful inspection, TCP/IP, cryptography, authentication, OAuth 2.0, PCI DSS, different web application vulnerabilities, different attack vectors, vulnerability assessment and application penetration testing
  • Experience with fundamental Internet protocols: BGP, GRE, MPLS, CDN, TCP/IP, SSL/TLS, HTTP, FTP, DNS
  • Broad security and technology knowledge including DevSecOps and cloud infrastructure
  • Programming experience - C, C++, J2EE, .NET, Flash/Flex, Web services and website development are a strong advantage
  • Knowledge of ISMS, ISO27000 series, OWASP Top 10, MITRE and other major information security frameworks


Terms of Employment

The level of appointment will be commensurate with qualification and experience.

Enquiries

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.
