Technical Manager, Identity & Access Management

The Hong Kong Jockey Club

Founded in 1884, The Hong Kong Jockey Club (“the Club”) is a world-class racing club that acts continuously for the betterment of our society. The Club has a unique integrated business model, comprising racing and racecourse entertainment, a membership club, responsible sports wagering and lottery, and charities and community contribution. Through this model, the Club generates economic and social value for the community and supports the HKSAR Government in combatting illegal gambling.

Who are we?

We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.

Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.

What do we do

We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.

We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.

The Department

The Cyber Security Department is essential to the Club’s ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.

As the first line of defense, the department plays a key role in maintaining the Club’s reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.

The Job

• Onboarding of Club's systems into IAM and IGA platforms to centrally provide authentication services such as Single Sign-On (SSO) and Multi-Factor Authentication (MFA), identity management services such as identity and access discovery, provisioning and de-provisioning, and governance activities such as access re-certifications
• Provide essential day-to-day BAU support by directly assisting business users and operational staff with identity and access-related issues, while actively coordinating with external vendors to ensure timely resolution, consistent service delivery, and compliance with support agreements
• Implement, enhance and/or automate the team's IAM workflows and processes in accordance with requirements, the Club’s relevant information security policies and standards, and cyber security industry best practices, to achieve both a high level of operational efficiency and cyber security posture
• Assess, plan, test and implement system and database upgrade activities, security patching, certificate renewals, security configuration hardenings and vulnerability remediations to ensure IAM and IGA systems are consistently running at optimum cyber hygiene levels
• Act as IAM SME to provide technical expertise and insights to define and document IAM requirements and solutions to manage each aspect of an identity and access lifecycle that will help meet the business needs of the stakeholders while upholding strong cybersecurity controls
• Work in tandem with the assigned project team, such as with the Project Manager, Architecture, Design and Delivery team, Portfolio Team and business stakeholders to implement and operationalise IAM projects
• Continuously identify and work together with the team and Cyber Security management to deliver any enhancement and automation initiatives or remediate any gaps that may exist in IAM security controls and workflows
• Perform monthly monitoring and management reporting of the team's operational metrics and Key Performance Indicators (KPI)
• Participate, contribute and help shape a diverse and inclusive culture with trust and respect. Play an active role to support cross-team/division/department efforts and model collaborative behaviours

About You

• University Degree in IT, Computer Science, Software Engineering, Cyber Security or related discipline
• 5 to 8 years' experience working in technical IT roles, with at least 3 years of hands-on experience in enterprise identity and access management systems
• Experience in integration of various authentication technologies such as Single-Sign On (SSO), Multi-Factor Authentication (MFA), Biometrics and Passwordless for both on-prem and cloud-based systems
• Experience in executing Identity and Governance Administration processes such as conducting access recertifications, designing access approval processes, implementing role-based access control (RBAC), ensuring segregation of duties and enforcing compliance policies
• Strong understanding of Active Directory, operating systems, networking protocols and cybersecurity concepts and technologies
• Champion adoption of security standards and best practices among business stakeholders
• Effective oral and written communication skills, with the ability to communicate technical topics to management and non-technical audiences
• Must possess analytical, problem-solving, and documentation skills
• CIAM, CISSP, CISM or equivalent certification is preferable
• Relevant specialised certifications in IAM or IGA systems will have an added advantage
• Hands-on experience in installation, integration and deployment in one or more of the following IAM solutions: Okta, Microsoft Entra ID, SailPoint, Ping/ForgeRock, Oracle, Saviynt, etc...
• Hands-on experience in PowerShell and BeanShell scripting
• Strong understanding and application of best practices in IAM systems design and maintenance
• Technical experience in integrating and supporting single-sign-on, ADFS & SAML federation, directory schema, namespace and replication topology, resource provisioning, role mining, identity & access governance, including role-based access control (RBAC), access request and certification
• Good working knowledge of Active Directory, Windows, Linux, OSX and mobile operating systems

Apply Now!

We offer competitive salary and benefits packages, a dynamic working environment and development opportunities.

Add horsepower to your career today. Click the “Apply Now” button to create an account and submit your application.

Equal Opportunity and Inclusive Hiring

We are an equal opportunity employer and strive to create an inclusive workplace for all. Applicants from diverse backgrounds are welcomed to apply. If you have any special needs or require accommodations during the interview process, please e-mail us via careers@hkjc.org.hk. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and job applicants relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.