Head, IT Governance and Architecture (Ref: R5738)

The Head, IT Governance and Architecture is responsible for establishing, implementing, and maintaining the enterprise IT risk management and cybersecurity strategies for the authority. This role will oversee all aspects of enterprise architecture, cybersecurity, ensure compliance with relevant regulations, and mitigate risks associated with information technology systems and data.

You should be responsible for:

• developing and implementing a comprehensive IT risk management and cybersecurity strategy aligned with the organization's goals and regulatory requirements;
• formulating the overall risk and vulnerability assessment framework to identify and address potential threats to IT systems and data;
• devising and operationalizing the IT security incident response plan as an integrated, coordinated and comprehensive playbook for incident management of the Authority;
• developing and enforcing IT security policies, standards, and procedures to ensure compliance with applicable laws and regulations (e.g., GDPR, HIPAA);
• leading and mentoring the cybersecurity team, fostering a culture of continuous improvement and knowledge sharing;
• collaborating with other departments to ensure cybersecurity awareness and best practices across the organization;
• providing regular updates to senior management and the board regarding the organization's risk posture and cybersecurity incidents;
• assessing and managing third-party vendors and service providers to ensure they adhere to the organization's cybersecurity standards; and
• developing training programs to enhance awareness of cybersecurity risks and best practices among employees.

You should:

• possess a Bachelor’s degree in Information Technology, Cybersecurity, or a related field; a Master's degree is preferred;
• have a minimum of 12 years of experience in IT risk management and cybersecurity, with at least 5 years in a leadership role;
• have relevant certifications such as CISSP, CISM, CISA, or equivalent;
• have strong knowledge of security frameworks (e.g., NIST, ISO 27001), risk management processes, and current cybersecurity threats and trends;
• have Excellent knowledge of applicable laws, regulations, and industry standards related to information and cyber security domains;
• have proven ability to lead, inspire, and develop a high-performing team; and
• have excellent verbal and written communication skills, with the ability to communicate complex technical concepts to non-technical stakeholders.

For interested parties, please submit your application with detailed CV on or before 20 Nov 2024. Applicants are encouraged to submit their applications as soon as possible. The review of applications will continue until post is filled.

Data collected will only be used for job application processing. Your data may be accessed by our appointed recruitment consultants who have agreed to keep confidence of all personal data in not less than the standards applicable to us. Applicants not being invited for interview within 4 weeks from the submission date may assume their applications unsuccessful.

All related information will be kept up to 24 months and all personal data will be destroyed afterwards.

For more information, please visit https://www.westkowloon.hk or contact:

Airy Shum /+852 22000127