The Cyber Security Department is essential to the Club’s ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.
As the first line of defense, the department plays a key role in maintaining the Club’s reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.
1 Cyber Risk Management
Identify, assess and communicate the cyber risks to the business and/or critical supporting functions, adhering to the Club’s cyber risk management framework
Establish and manage the cyber risk profile for the business and/or critical supporting functions, and ensure treatment plans are defined, funded and tracked
Represent the Cyber Security Department at the non-financial risk committees chaired by the business and/or critical support functions, providing cyber advisory and presenting the cyber risk profile, highlighting material risks and other related updates
Advise the business and/or critical supporting functions of the updates to the Club’s cyber security policies and standards, and ensure a plan and funding are in place to adopt them
2 Business-Cyber Security Alignment
Embed cyber security into the business’s and/or critical supporting functions’ strategy and objectives, and throughout their projects and day-to-day operations
Ensure the Club’s cyber security strategy, policies, standards and solutions are relevant to the goals and challenges of the business and critical supporting functions, and the applicable regulatory requirements
Ensure the Club’s policies and standards are fully complied with across its processes and systems
Raising the cyber risk awareness and culture within the business and/or critical supporting functions, leveraging the Club’s cyber awareness and training programs
Convey the needs from respective business units for the creation of the Cyber Security programme awareness and promotion of the cyber security control adoption across the business and/or critical supporting functions
Advocate for modern Agile InfoSec practices, balancing security and business agility through a pragmatic risk-based approach
Liaise between Cyber Security and Business stakeholders to ensure seamless integration of Cyber Security controls
3 Stakeholder Collaboration and Communication
Act as a trusted cyber advisor, fostering partnerships between Cyber Security and Business & IT teams
Translate complex security concepts and requirements into actionable and business-friendly guidance
During cyber security incidents, provide periodic sitrep to the business and/or critical supporting functions, and continuously assess the business impact of it
Develop clear and concise updates on the cyber risk profiles, strategy, policies and standards, ensuring they are tailored for the non-financial risk committee members
Bachelor’s degree holder, e.g., Computer Science, IT, or other disciplines; a Master’s degree is preferred
10+ years of experience in cyber risk management, cyber risk governance, or related fields
Exceptional communication skills, with the ability to translate technical concepts for diverse audiences
Expertise in stakeholder engagement, including senior executives and board members
Demonstrated ability to foster business partnerships and to cultivate a strong risk culture
Exceptional English writing and verbal communication skills, with the ability to present complex concepts to non-technical audiences
Proficiency in the key cyber control domains, cyber risk management, governance frameworks and GRC tools
Strong organisational and multitasking abilities with meticulous attention to detail
Excellent stakeholder management and relationship-building skills
We offer competitive salary and benefits packages, a dynamic working environment and development opportunities.
Add horsepower to your career today. Click the “Apply Now” button to create an account and submit your application.
We are an equal opportunity employer and strive to create an inclusive workplace for all. Applicants from diverse backgrounds are welcomed to apply. If you have any special needs or require accommodations during the interview process, please e-mail us via [email protected]. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and job applicants relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.
Information Technology>Security Specialist / Risk Management
HK$ -
Full Time
Founded in 1884, The Hong Kong Jockey Club (“the Club”) is a world-class racing club that acts continuously for the betterment of our society. The Club has a unique integrated business model, comprising racing and racecourse entertainment, a membership club, responsible sports wagering and lottery, and charities and community contribution. Through this model, the Club generates economic and social value for the community and supports the HKSAR Government in combatting illegal gambling.
We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.
Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.
We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.
We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.
