Deputy Executive Manager, Cyber Risk Assessment and Analysis

The Department

The Cyber Security Department is responsible for the enhancement of the resiliency of Club's information, information systems and network infrastructure, as well as identifying security threats and vulnerabilities and effectively manage the risks. The team also works to ensure the Club's conformance to local cyber laws and regulations.

The Job

You will:
• Develop and Lead the Cyber Risk Management Framework:

Task: Design and implement a comprehensive, forward-looking cyber risk assessment programme that aligns with the Club's Enterprise Risk Management (ERM) framework.

Expected Outcome: A robust, proactive risk assessment and analysis programme that effectively identifies, evaluates, and mitigates cyber risks, ensuring alignment with overall business objectives and regulatory requirements.
• Oversee Comprehensive Risk Assessments:

Task: Lead the planning, execution, and documentation of cyber risk assessments, identifying potential threats, vulnerabilities, and risks related to the Club's information assets, systems, and processes.

Expected Outcome: Timely and accurate identification of emerging cyber risks, along with detailed risk assessment reports that provide actionable insights for senior management and decision-makers.
• Evaluate and Strengthen Cyber Controls:

Task: Conduct in-depth reviews of the effectiveness of existing cyber controls, identify gaps, and recommend enhancements to mitigate identified risks.

Expected Outcome: Improved effectiveness of controls, reduced exposure to cyber threats, and enhanced compliance with internal policies and external regulations.
• Prepare and Deliver Risk Reports:

Task: Prepare detailed risk assessment reports, including key findings, risk profiles, and recommendations for action. Present these reports to senior stakeholders.

Expected Outcome: Clear and concise communication of cyber risks to executive leadership, resulting in informed decision-making and strategic risk mitigation.
• Prioritize and Treat Cyber Risks:

Task: Analyze and prioritize identified cyber risks based on their potential impact and likelihood. Work with senior management to define appropriate risk treatment strategies (mitigation, acceptance, avoidance, or transfer).

Expected Outcome: Optimized allocation of resources toward mitigating the most critical risks, ensuring that risk treatment strategies are aligned with the Club's risk appetite and business objectives.
• Implement Self-Control Assessment Frameworks:

Task: Develop and oversee processes for self-assessments within the Cyber Security Department to ensure continuous monitoring and evaluation of implemented controls.

Expected Outcome: Ongoing assurance that implemented controls are effective, with continuous improvement processes in place to address any identified weaknesses.
• Lead Advanced Scenario Analysis:

Task: Utilize advanced scenario analysis techniques to model potential cyber incidents and assess their impacts on the Club's operations.

Expected Outcome: Comprehensive understanding of worst-case scenarios with actionable plans to respond to incidents, ensuring business continuity and operational resilience.
• Foster and Lead a High-Performing Team:

Task: Oversee, mentor, and develop a team of cyber risk professionals. Ensure continuous professional development and foster collaboration across the team.

Expected Outcome: A highly skilled and motivated team that is capable of executing complex risk assessments and continuously improving the Club's cyber risk management capabilities.
• Maintain and Update Risk Registers:

Task: Manage and update the Cyber Risk Register, ensuring all identified risks are accurately documented, regularly reviewed, and updated.

Expected Outcome: A comprehensive and up-to-date Risk Register that reflects the current risk landscape, enabling timely and informed risk management decisions.
• Foster a Collaborative, Diverse, and Inclusive Culture:

Task: Actively contribute to creating a diverse and inclusive culture by promoting trust, respect, and open communication. Lead by example through collaborative behaviours and support cross-team, division, and department initiatives that foster teamwork, knowledge-sharing, and collective problem-solving.

Expected Outcome: A workplace that thrives on diversity and inclusion, where employees feel valued and respected. Improved cross-functional collaboration leads to stronger team dynamics and enhanced innovation. Leadership in modelling collaborative behaviours fosters a positive, and cohesive environment.

About You

You should have:
• Bachelor’s degree in Computer Science, Information Technology, or a related field. Advanced qualifications or certifications are advantageous
• At least 10 years of experience in information security, technology audit, or risk management, with significant expertise in cyber/technology risk management, IT controls, IT compliance, and a strong understanding of frameworks such as NIST and COBIT
• Proven ability to apply risk-based assessment methodologies, conduct comprehensive risk evaluations, and collaborate effectively with key stakeholders
• Professional certifications such as CISA, CISSP, CRISC, or equivalent are strongly preferred
• Proven leadership experience managing risk management teams or directing large-scale risk-related projects
• Excellent communication and presentation skills, with the ability to clearly convey complex risk management and compliance concepts to senior management and diverse audiences
• Strong relationship-building skills, with the capability to engage stakeholders at all levels, driving alignment and fostering effective discussions on risk management initiatives
• Experience leading, mentoring, and developing high-performing teams in risk management or cybersecurity environments
• Experience in raising risk awareness within the organization, providing training and support to staff on cybersecurity and IT risk management best practices
• Ability to prioritize and manage multiple projects in a dynamic environment, working both independently and collaboratively with cross-functional teams
• Proficient in technical writing, including the preparation of risk assessment reports, presentations, management dashboards, and key risk indicators/metrics
• Knowledge of ISMS, ISO 27000, ISO 31000, NIST, COBIT, and other major information security and risk management frameworks
• Strong expertise in audit control frameworks, IT General Controls (ITGC), and Cybersecurity Risk, with a focus on infrastructure, cloud, and application security
• Proven experience in enterprise networking, operating systems, cloud environments, and database security controls, ensuring comprehensive risk mitigation
• Advanced skills in emerging practices such as DevSecOps, cloud security, and compliance with data privacy regulations (e.g., PII, GDPR) and cybersecurity laws
• Exceptional problem-solving, risk management, and analytical skills for identifying and mitigating complex risks
• Ability to manage multiple high-priority projects in a fast-paced environment, ensuring timely risk mitigation and alignment with business goals
• Strong leadership, negotiation, and presentation skills, with experience influencing senior management and board-level decision-making
• Proven ability to collaborate effectively on cybersecurity, technology, and risk management initiatives with senior stakeholders
• Experience contributing to governance, ensuring integration of risk management, security, and compliance efforts at the organizational level

Terms of Employment

The level of appointment will be commensurate with qualification and experience.

Enquiries

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.