Senior Technical Manager, Cyber Risk Mitigation and Controls Implementation

The Department

The Cyber Security Department is responsible for the enhancement of the resiliency of Club's information, information systems and network infrastructure, as well as identifying security threats and vulnerabilities and effectively manage the risks. The team also works to ensure the Club's conformance to local cyber laws and regulations.

The Job

You will:
• Develop and implement cyber risk mitigation plans that align with the Club’s EMR framework
• Affirm the implementation of security measures, policies, and procedures to protect the Club’s information and assets
• Continuously monitor and evaluate the effectiveness of cyber risk mitigation efforts and report to senior management and board of management
• Provide assistance and collaborate with other teams to foster a culture of advanced security awareness among employees
• Collaborate with internal and external auditors to facilitate security audits and assessments, covering cybersecurity
• Stay at the forefront of emerging cybersecurity technology trends
• Evaluate the applicability and potential benefits of emerging technologies for the Club and make strategic recommendations for the adoption

About You

You should have:
• Degree qualification in Computer Science or relevant disciplines
• Strong experience in technology, cyber risk management, or IT audit
• Good presentation skills to a broad audience and senior management
• Minimum 8 years of work experience in information security, technology audit, or technology risk management
• Ability to build relationships with stakeholders and facilitate effective discussions at all levels
• CRISC, CISSP or equivalent is preferable
• Ability to manage multiple priorities, work independently, and in a collaborative environment
• Aptitude for technical writing (e.g., assessment reports, presentations, management dashboards, and risk indicators/metrics)
• Familiarity with ISMS, ISO 27000, ISO 31000, and major information security frameworks such as NIST and COBIT
• Proficient in control frameworks, IT general controls, and understanding of cybersecurity and technology risks, including infrastructure, cloud, and application security
• Strong foundation in operations, enterprise networking, operating systems, and database security risk controls
• Excellent problem-solving, risk management, and analytical abilities
• Capable of effectively managing multiple priorities
• Strong interpersonal, management, negotiation, and presentation capabilities
• Ability to contribute to effective governance at the management level

Terms of Employment

The level of appointment will be commensurate with qualification and experience.

Enquiries

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.