Technical Manager, Cyber Incident Response

The Department
The Cyber Security and Cloud Platforms Department is responsible for the protection of the Club's information, information systems, network infrastructure and cloud platforms, as well as assurance over the resiliency and continuity of the Club's IT infrastructure. The team is also responsible for establishing governance and formulating cyber security procedures and guidelines to ensure consistent Club-wide safeguards and conformance to regulations in Hong Kong and China. It works to protect the reputation and enhance the operational resiliency of The Hong Kong Jockey Club.

The Job
• Deliver advanced analysis and recommend remediation steps for cyber security events and related IT incidents.
• Create and update process document to address contemporary gaps observed from new cyber scenarios.
• Lead investigation on security incident to minimalize the risks to an acceptable level.
• Perform root cause analysis and recommend necessary actions to be taken.
• Analyse business needs in the information security area and recommend and give opinions on technical security implementations and solutions to several levels within the club.
• Advise security engineering team in detection gaps and any observation in security control gaps coverage.
• Support integration of security controls including SOAR, SIEM, Threat Intelligence Platform, DLP, UEBA, and Incident Management System.
• Coordinate the remediation of security issues during incidents.
• Align personal development plan with business objectives and embrace the transformation to move the team/department forward.

About You
• University degrees in Computer Science, Engineering or related discipline
• 5+ years of IT experience with at least 2 years in cyber security field
• Familiar with NIST "Computer Security Incident Handling Guide"
• Experience with SIEM or similar cyber incident and event management system
• Experience with OWSAP Top 10 and DDoS attack techniques and protection
• Experience with offensive and defensive security operations
• Experience with one or more public cloud security products
• Experience in writing playbooks to leverage different technologies, within a metric cooperation environment
• Experience with CIS Controls, Vulnerability Scanner, EDR, IPS/IDS, WAF, Security Email Gateway, Security Web Proxy etc.
• Managed SIEM end-to-end, including contemporary threat hunting, and full-stack security log on-boarding process
• Able to manage execution of action plans for ensuring the safety and security of all information system assets
• Preferable past working experience with HKMA on C-RAF 2.0, and iCAST 2.0

• Knowledge of a broad range of cyber security topics e.g., governance, identity and access management, supply chain risks, security operations, incident management etc.
• Understanding of network security zones, firewall, IPS/IDS
• Knowledge of cloud services platform such as Amazon Web Service, Azure, and Google Cloud
• Experience on vulnerability assessment