The Information Security Department of the Information Technology and Sustainability Division works to protect the reputation and enhance operational resiliency of the Hong Kong Jockey Club by ensuring the availability, integrity, and confidentiality of the Club\'s communications and network infrastructure, application systems and data.
- Work with assigned Project Manager and Tech Lead to drive small- to mid-size IS initiatives to evaluate, acquire and deploy new IS technologies and capabilities, and ensure initiatives get completed on time and budget.
- Lead the process of selecting and reviewing of information security solutions.
- Conduct technical study and deliver technical suggestion and recommendation in design, development and system integration. Implement the assigned security initiatives and prepare necessary documentation in order to ensure compliance to the project development lifecycle, and getting endorsement from IT governance board and technical groups.
- Implement and oversee security training awareness program within the organization.
- Make decision and solve technical problems to provide an efficient environment for project implementation.
- Perform information security risk assessment and technical advisory for assigned project areas to ensure compliance to HKJC IS policy, standards and practices, as well as mitigation of all identified risks.
- Provide technical support in security log, feeds and raw source into SIEM for data security analytics.
- Enable dashboards for monitoring security information for the management and Cyber Security Operations team, to be able to provide various degree of visibility both real-time and over extended periods of the security events within the environment.
- Support in compiling and producing reports on monthly issue and trend for the enhancement of the functions of the Enterprise Security and Support management
- Recommend and execute ideas to improve processes based on lessons learnt over time in performing assigned duties
- Carry out other enterprise security and support duties that may be assigned by management.
You should have:
- A university degree with strong technical background, particularly in Information Technology, Information Security, application security/development and/or networking.
- 5 to 8+ years' experience working in technical IT roles, with at least 4 years' hands-on experience in enterprise security infrastructure, IS risk assessments or testing.
- A CISSP, GIAC, CEH or equivalent certification will be advantageous.
- Strong understanding of security principles, policies, and industry best practices.
- Experience in implementing cyber security and/or compliance systems relevant to Governance, Risk and Compliance platform, Data Lost Prevention, Threat Intelligence and/or Firewall Management.
- Experience in vendor engagement and delivering e-Learning awareness content and execute anti-phishing campaigns.
- Experience in secure network infrastructure, Anti-DDoS, NG Firewall, IDS/IPS, WAF, Secure MTA, Load Balancer, Internet Proxy, as well as DNS hosting.
- Networking knowledge of networking essentials, data flows, architecture, ports, and protocols, wireless, etc.
- Promote security awareness and adoption of security standards and practices to staff members.
- Deep understanding of the application of a variety of security tools such as Crowdstrike, Forcepoint, Openpage, Palo Alto Networks, Prisma, Cortex XDR, Recorded Future Intelligence, WildFire, and/or etc.
- Able to implement security solutions such as Demisto, Splunk, ELK, Carbon Black, Darktrace, ALSID and/or Tufin.
- Good design and solution knowledge of Certificate Authority and PKI infrastructure and operations.
- Vendor engagement in designing e-Learning security awareness content and programme driver.
- Knowledge of incident response methodologies, security issues, vulnerabilities, exploits and security standards that may impact information security.
- Hands-on experiences to PC endpoint whitelisting, Web Isolation and/or MSS handling.
- Good working knowledge of various flavors of Windows and Linux, OS configuration, file system structures, OS components, mobile operating systems, etc.
The level of appointment will be commensurate with qualifications and experience. A contract employment will be offered to the successful candidate. Contract renewal will be subject to mutual agreement between the Club and the individual.
Only shortlisted candidates will be notified.
We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club\'s notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.