Assistant Technical Manager, Vulnerability Management

The Cyber Security and Cloud Platforms Department protects the Club's information, information systems, network infrastructure, and cloud platforms. It establishes governance and formulates cyber security procedures to ensure consistent Club-wide safeguards and conformance to regulations. The team works to protect the reputation and operational resiliency of The Hong Kong Jockey Club.

Key responsibilities include:

• Performing threat assessment and patch management advisory operations via analysis of open and commercial security intelligence feeds.

• Collaborating with IT infrastructure, network operations teams, and other IT stakeholders to review and assess new set ups, changes, and upgrades to the organisation's network infrastructure and network components.

• Performing vulnerability scanning across the Club's technology landscape and working with key stakeholders to identify, govern, and mitigate identified vulnerabilities.

• Working with assigned Project Manager to drive small- to mid-size IS initiatives to evaluate, acquire, and deploy new IS technologies and capabilities.

• Conducting web scanning and automated code testing of in-house applications, and guiding developers and IT colleagues on coding best practices and mitigations.

• Supporting the closure of key cyber security threats and vulnerabilities.

• Participating in a diverse and inclusive culture with trust and respect, and contributing to cross-team/division/department efforts.

Requirements include:

• University Degree in computer science, engineering, or related discipline.

• Minimum of 5 years practical experience in IT Security Operations, Network infrastructure in a corporate environment with large-scale transaction websites and complex IT infrastructures.

• Cybersecurity certification such as GCIH, GSOC, CISSP, CISA, CISM, OSCP, MITRE ATT&CK Defender, or similar.

• Experience in Threat and Vulnerability Management.

• Technical background, particularly in web application development, infrastructure & networking.

• Excellent inter-personal skills.

• Ability to communicate technical topics to management and non-technical audiences.

• Strong analytical, problem-solving, and documentation skills.

• Expertise in security testing, threat and vulnerability management tools and techniques.

• Deep knowledge of secure networking infrastructure, Firewall, IDS/IPS, WAF, Secure MTA, Load Balancer, Internet Proxy, and End-Point security.

• Working knowledge of security data analytics and incident handling.

• Working knowledge in ISO27001/2 or regulatory compliance standard.