Senior Manager, IT Governance and Architecture

The West Kowloon Cultural District Authority welcomes exceptional talent with a passion to realise the vision and mission of making the West Kowloon Cultural District a prime local and international destination for arts, culture and entertainment.

The Senior Manager, IT Governance and Architecture is responsible for leading the Authority’s critical infrastructure and systems protection, and formulating the overall computer system security management plan and operation models as the organization-level security governance framework and managing practices to safeguard the robustness and security of computing systems in the enterprise architecture.

You should be responsible for :

performing and coordinating assessment activities regarding the organization's security posture, against regulatory requirements and industry best practices, to identify areas for improvement;

devising and organising effective measures to beef up the current security management landscape, ensuring compliance with legislative and governance requirements including but not limited to critical infrastructure and public-facing IT system protection;

acting as the contact point with the Commissioner’s Office for Critical Infrastructure Protection, envisioned to be setup under Security Bureau, and other governmental or statutory bodies to facilitate efficacious collaboration and incident reporting between WKCDA and applicable regulatory authorities;

establishing and maintaining a pragmatic incident response plan to effectively manage and mitigate cybersecurity incidents;

providing regular updates to IT management regarding the organization's risk posture and cybersecurity incidents;

identifying stakeholders and manage their expectation through effective communication and relationship management;

assessing and managing third-party vendors and service providers to ensure they adhere to the organization's cybersecurity standards; and

organising training activities to promote the value and importance of cybersecurity, ensuring awareness and best practices across the organization.

You should :

possess a Bachelor’s degree in Information Technology, Cybersecurity, or a related field; a Master's degree is preferred but not a must;

have Minimum of 10 years of IT experience, including at least 5 years in security governance or management roles, with a demonstrable track record of managing security audits, risk assessments, threat mitigation and incident response processes;

have relevant certifications such as CISSP, CISM, CISA, or equivalent;

have strong knowledge of security frameworks (e.g., NIST, ISO 27001), risk management processes, and current cybersecurity threats and trends;

have excellent knowledge of applicable laws, regulations, and industry standards related to information and cyber security domains;

have proven ability to lead and influence team members to achieve common goals; and

have excellent verbal and written communication skills, with the ability to articulate complex technical concepts to non-technical stakeholders.