The Department

The objectives of the IT Risk & Controls Department are to establish and maintain a robust risk management methodology that effectively identifies, assesses, and mitigates risks related to IT processes and technology. The department ensures that the Club’s IT risk posture is accurately reported and that operations remain within the defined risk appetite, thereby enhancing operational integrity and resilience. By aligning its risk management approach with the Enterprise Risk Management Framework and the Technology Risk Management Framework, and by working closely with business units, the department promotes accountability and transparency across both IT and business functions.

The Job

• Policy Development and Maintenance

•  

  • Develop, review, and update IT risk policies, standards, and procedures to ensure they remain relevant and effective

  • Ensure policies align with organisational objectives, legal requirements, and industry standards (e.g., ISO, NIST, COBIT, ITIL)

• Compliance and Governance

  • Monitor compliance with IT risk policies and standards across the organisation

  • Conduct regular assessments to identify challenges in adhering to policies and identify areas for improvement

  • Collaborate with legal, risk management, and compliance teams to address regulatory requirements

• Communication and Training

•  

  • Communicate IT risk policies and standards to stakeholders, including employees, management, and third-party vendors

  • Develop and deliver training programs to ensure understanding and adoption of IT policies and standards

• Risk Management

  • Collaborate and support the IT Risk Governance team to identify and mitigate risks of the IT Division, including but not limited to operations, security, and data management

  • Work with the Cyber Security team to ensure policies address emerging threats and vulnerabilities

• Collaboration and Stakeholder Engagement

•  

  • Collaborate with IT teams, 2nd and 3rd Line of Defence, and senior management to ensure risk policies support business needs

  • Act as a liaison between IT and other departments to address risk policy-related issues

• Documentation and Reporting

•  

  • Maintain comprehensive documentation of IT risk policies, standards, and procedures

  • Prepare reports for senior management on policy compliance, risks, and recommendations

• Continuous Improvement

•  

  • Stay updated on industry trends, technological advancements, and regulatory changes

  • Propose and implement improvements to IT risk policies and standards to enhance efficiency and security

• Leadership and Team Development

•  

  • Lead and mentor a team of risk management professionals, fostering a high- performance culture

  • Provide guidance and development opportunities, ensuring the team adapts to emerging challenges and stays at the forefront of audit and control issues management trends and best practices

About You

• Bachelor's Degree (preferred) in relevant risk management disciplines (e.g., Operational Risk management within an IT department or organisation, Information Security, IT Risk Management)

• Professional risk management certification (e.g., ISO 31000) and /or industry body affiliation is an advantage

• Experienced seasoned professional with deep expertise in developing IT risk policies and standards

• Strong understanding of IT infrastructure, cybersecurity, data privacy, and regulatory compliance

• Proven track record in leading a risk function in a Technology environment

• 15+ years of experience in enacting the first line of defence IT operational risk role and responsibilities

• Capable of understanding the Club's unique nature and culture in terms of Risk Management

• Capable of assessing and quantifying technology and operational risks, assessing mitigation measures and providing practical recommendations on risk mitigation controls when needed

• Understand industry best practices and trends on IT standards, governance, risk, and internal control

• Proficient in delivering technology and/or operational risk management frameworks from inception

• Knowledge of enterprise architecture, service management, asset management, change management and systems migration

• A good understanding of business and product knowledge of the Club and the business strategies, priorities, risks and controls in his/her core or functional area of responsibility

• Technically astute and excellent analytical and decision-making ability

• Excellent communication and report writing skills in English

• Highly influential and communication skills

• High professional and ethical standards

• Strong leadership, with excellent people and relationship management skills

• Manage/handle multiple tasks, and work under pressure and with conflicting priorities

• Proactive with high levels of initiative

Apply Now!

We offer competitive salary and benefits packages, a dynamic working environment and development opportunities.

Add horsepower to your career today. Click the “Apply Now” button to create an account and submit your application.

Equal Opportunity and Inclusive Hiring

We are an equal opportunity employer and strive to create an inclusive workplace for all. Applicants from diverse backgrounds are welcomed to apply. If you have any special needs or require accommodations during the interview process, please e-mail us via [email protected]. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and job applicants relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.