Executive Manager IT Risk Governance
The Hong Kong Jockey Club
Job Overview
Job Description
About The Hong Kong Jockey Club
Founded in 1884, The Hong Kong Jockey Club (“the Club”) is a world-class racing club that acts continuously for the betterment of our society. The Club has a unique integrated business model, comprising racing and racecourse entertainment, a membership club, responsible sports wagering and lottery, and charities and community contribution. Through this model, the Club generates economic and social value for the community and supports the HKSAR Government in combatting illegal gambling.
The IT Division
We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen. Our team is a diverse mix of individuals from various backgrounds from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.
We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences. We also deliver the changes necessary to drive business growth through new products and services. We are also committed to safeguarding the Club by protecting it from external threats and providing a secure and resilient technological environment.
The Job: Executive Manager IT Risk Governance
The Executive Manager IT Risk Governance is responsible for leading the implementation and execution of IT risk governance and control frameworks across both IT operations and business-facing services. The primary focus is to ensure that IT risks are effectively identified, assessed, and managed in alignment with enterprise risk strategies and international standards. This role plays a key part in enhancing the Club’s operational resilience by promoting a proactive risk culture and ensuring continuity of critical business functions. Acting as a trusted risk advisor, the job holder works closely with IT and business stakeholders to drive risk-informed decision-making and safeguard the organization's digital and operational assets.
- Implement and sustain the IT Risk Management Framework across IT and Business Divisions. Ensure leadership ownership of risk accountabilities and alignment with governance standards.
- Lead regular updates of risk scenarios with input from ERM and subject experts. Prioritize top risks and validate response decisions against set thresholds.
- Maintain and enhance the control library and support Risk Owners in identifying and assessing key controls. Ensure controls are appropriate, effective, and efficiently managed.
- Coordinate Key Risk Indicator monitoring and reporting. Communicate material risk updates, incidents, and lessons learned to divisional and Club governance.
- Collaborate with audit and oversight teams to execute risk control assurance programs. Test key controls based on risk profiles and address control gaps promptly.
- Support the development and implementation of mitigation strategies for material risks. Align disaster recovery planning with technology and business continuity objectives.
- Design and manage the business resilience program for IT and Business Divisions. Ensure readiness to respond to disruptions through robust continuity planning.
- Conduct business impact analyses and regular risk assessments. Improve resilience policies and engage departments in continuity planning and recovery procedures.
- Deliver training and awareness programs on resilience and continuity. Develop metrics and report program effectiveness to senior management.
- Ensure robust incident management processes are in place. Conduct timely root cause analyses and integrate findings into risk assessments and reporting.
About You
- Bachelor's Degree (preferred) in relevant risk management disciplines such as Operational Risk Management within an IT environment, Business Continuity and Resilience, Information Security, or IT Risk Management.
- Seasoned professional with deep expertise in developing and managing IT Operational Risk and Business Resilience functions within IT or Business Divisions.
- Proven track record in leading risk and business continuity functions in a technology-driven environment.
- 15+ years of experience executing first line of defense responsibilities in IT operational risk and business continuity management.
- Professional risk management certification (e.g., ISO 31000) and/or relevant industry body affiliation is an advantage.
- Capable of understanding the Club's unique nature, culture, and risk environment.
- Proficient in assessing and quantifying technology and operational risks, and recommending practical mitigation controls.
- Strong understanding of IT standards, governance, risk, and internal control best practices and trends.
- Experienced in delivering technology and/or operational risk management frameworks from inception.
- Solid experience in managing business resilience and continuity programs.
- Knowledge of enterprise architecture, service management, asset management, change management, and systems migration.
- Good understanding of the Club’s business strategies, priorities, risks, and controls in relevant functional areas.
- Technically astute with excellent analytical and decision-making skills.
- Strong communication and report writing skills in English.
Key skills/competency
- IT Risk Management
- Risk Governance
- Business Resilience
- Operational Risk
- Business Continuity Planning
- Information Security
- Control Frameworks
- Incident Management
- Stakeholder Management
- Audit Coordination
How to Get Hired at The Hong Kong Jockey Club
- Research The Hong Kong Jockey Club's culture: Study their mission, values, community contributions, and unique integrated business model on their official website and social media.
- Tailor your resume effectively: Highlight your extensive experience in IT risk governance, operational risk management, and business resilience, specifically detailing leadership roles and framework implementation.
- Showcase your strategic leadership: Prepare to discuss how you've led risk and business continuity functions in complex, technology-driven environments, emphasizing your decision-making and advisory skills.
- Prepare for in-depth interviews: Be ready to articulate your understanding of IT standards, governance best practices, and your ability to assess and quantify technology risks with practical mitigation strategies.
- Demonstrate relevant expertise: Emphasize any professional certifications like ISO 31000 and your experience with enterprise architecture, service management, and incident response processes.