The Cyber Security Department is essential to the Club’s ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.
As the first line of defense, the department plays a key role in maintaining the Club’s reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.
Managing the VM Team in the aspects of continuous Infrastructure Vulnerability Scanning & Configuration Compliance (for Platforms, Database, Networks and Voice), Penetration Testing and Scanning for Application & Infrastructure Security and Development, Security & Operations (DevSecOps), through hiring, training, coaching, objective setting and performance management of team members
Managing the external service providers and product vendors, ensuring the appropriate service level performance is established, monitored and met
Provide oversight on the handling of vulnerabilities identified, ensuring appropriate priority is given to effectively remediate the vulnerabilities within the agreed timelines
Ensure the relevant and adequate coverage of vulnerability intelligence, to assess the vulnerabilities in the Club’s context and the external threat landscape
Ensure the vulnerability management services provided for applications (incl. DevSecOps) and infrastructure are operating effectively
Continuously identify control and coverage gaps, and improvement initiatives to uplift the Vulnerability Management service
Develop and present the VM metrics, reports and service highlights to the business and IT stakeholders
Act as the lead during actively exploited or critical severity vulnerabilities being identified, lead the development of the vulnerability response plan and oversee its implementation it
Degree in Computer Science, Information Security, and/or related discipline
12 years or more of working experience in the related field, with at least 5 years in the Vulnerability Management domain across various disciplines, including leading and managing teams
Strong experience covering Vulnerability Management services and required operating procedures
High degree of logical and analytical thinking skills, particularly in the different categories of vulnerabilities and how they work
Strong service and customer-focused approach to the service being delivered
Excellent interpersonal, collaborative and communication skills
Well-disciplined with exemplary professional competence and integrity
Experience with the following services and technologies – Vulnerability Assessment, DevSecOps, Pen-Testing, Secure Code Review, Attack Surface Management, Red Team
Industry-recognised certification in one or more of the following – CISSP, CISM, etc.
We offer competitive salary and benefits packages, a dynamic working environment and development opportunities.
Add horsepower to your career today. Click the “Apply Now” button to create an account and submit your application.
We are an equal opportunity employer and strive to create an inclusive workplace for all. Applicants from diverse backgrounds are welcomed to apply. If you have any special needs or require accommodations during the interview process, please e-mail us via [email protected]. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and job applicants relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.
Information Technology>IT System Management
HK$ -
Full Time
Founded in 1884, The Hong Kong Jockey Club (“the Club”) is a world-class racing club that acts continuously for the betterment of our society. The Club has a unique integrated business model, comprising racing and racecourse entertainment, a membership club, responsible sports wagering and lottery, and charities and community contribution. Through this model, the Club generates economic and social value for the community and supports the HKSAR Government in combatting illegal gambling.
We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.
Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.
We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.
We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.
