Technical Lead / Senior Analyst (Technology and Cyber Risk)

The Hong Kong Jockey Club
Hong Kong
Permanent
115 days ago
About the job
Job descriptions
DEPARTMENT:

The Information Security Department of the Information Technology and Sustainability Division works to protect the reputation and enhance operational resiliency of the Hong Kong Jockey Club by ensuring the availability, integrity, and confidentiality of the Club's communications and network infrastructure, application systems and data.

JOB_DESCRIPTION:

You will:

- Support and drive security management's directives in priority.

- Perform assessment of information systems, based upon the Risk Management Framework (RMF), policy, standards and technology compliance requirements, and adopt best practices on IT and business projects and activities in a balanced manner.

- Follow and execute risk management practices with Risk Registers, Issue Management, Risk & Controls Library, Impact Thresholds, Risk Reporting, Controls Testing, and Security Governance.

- Review and compile security assessment reports, risk acceptance recommendations, and risk control and mitigation to support the recommendation for technology risk acceptance authorization decisions.

- Ensure security measures and best practices are properly adopted for risk mitigation on IT and business projects and activities.

- Ensure risk exceptions and acceptances are well governed, validated in a timely manner and properly escalated.

- Prepare reporting to senior management on the current security posture.

- Support audit activities and consolidate artefacts from IT and business stakeholders for audit closure.

- Promote and conduct security awareness and events.

ABOUT_YOU:

You should have:

- University degree or above in IT, Management Information System, cybersecurity and/or risk compliance.

- At least 5 years of experience in IT technical roles and audit, with 3 years of hands-on experience in technology risk assessment and security compliance.

- CISA, CISSP, CRISC or equivalent is preferable.

- Hands-on experience reviewing the following: security assessment plan, security assessment reports, system security plan and/or security control traceability matrix.

- Experience in performing risk assessment and evaluation based on adopting risk-based assessment methodologies.

- Experience in reporting technology risk tailored to IT and business stakeholders.

- Competency consulting background in IT, Cyber Security and/or IT Audit and Control Compliance.

- Experience in building risk awareness amongst staff by providing support and training within the company.

- An aptitude for technical writing e.g. assessment reports, presentations, management dashboard and risk indicators/metrics.

- Knowledge of ISMS, ISO27000, ISO31000 and other major information security frameworks/practices, e.g. NIST, COBIT.

- Strong knowledge of Audit control framework, IT general controls, Cybersecurity Risk, Tech Risk (including infrastructure, cloud and applications security).

- IT background with operations, enterprise networking, operating systems and database security risk controls.

- Sound skills across DevSecOps, cloud security, PII, GDPR, and cyber security laws.

- Strong problem-solving, risk management and analytical skills.

- Detail-oriented, with a strong commitment to excellence.

- Able to master good communication skills including written, spoken and presentation skills.

- Effectively manage multiple priorities, work independently and in a team-oriented and collaborative environment.

TERMS_OF_EMPLOYMENT:

The level of appointment will be commensurate with qualifications and experience. A contract employment will be offered to the successful candidate. Contract renewal will be subject to mutual agreement between the Club and the individual.

CLOSING_DATE:

Only shortlisted candidates will be notified.

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.