At HSBC, the health and well-being of our employees remains of utmost importance. Many of our roles are permitted to work from home (in states in which HSBC is licensed to operate) until further notice. Upon resumption of normal operations, this role may be performed at our Chicago, Illinois office.
Big Bank Funding. FinTech Thinking.
Our technology teams work closely with HSBC's global businesses to help design and build digital services that allow our millions of customers around the world, to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world's leading international bank.
Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and programme managers.
Following extensive investment across our Technology and Digital domains and with plans for continued expansion throughout 2021 and beyond, we are currently seeking a Head of Cybersecurity Risk and Controls Strategy (CRCS) Business Engagement for Wholesale and, Markets & Security Services (MSS) Business, to join HSBC Cybersecurity team within Technology.
Brief overview of the business areas
The Cybersecurity function is responsible for enabling businesses and functions to manage their Information and Cybersecurity risks as well as ensuring risks and controls are assessed and implemented appropriately, objectively and independently through professional and specialized subject matter experts.
Building out, leading and managing the CRCS Business Engagement activities to support Wholesale and, Markets & Security Services (MSS) business;
Working closely with core CRCS functions and the wider Cybersecurity teams to ensure the designed controls are embedded, fully understood and adhered to, emphasising the adoption on business and geographical level
Representing CRCS in regional and business senior management forums
Working with the Control Owners, 2LoD, 3LoD and CCO Technology to ensure that the Cybersecurity owned controls in the Risk and Controls Library and federated controls owned by the business, are designed according to the Bank's requirements and industry standards and best practises (e.g. NIST FSS);
Working with Cybersecurity Control Design and Continuous Control Monitoring teams to ensure local control issues are properly fed into global control design, monitoring and governance
Working with Cybersecurity MI & Reporting team to feed requirements from the business and geographies, ensuring continuous evolution of MI reporting, tailored to our global audience
Working with Cybersecurity Risk & Control Strategy (CRCS) teams to ensure that the measurements defined provide sufficient data for regional and business stakeholder reports and are aligned with the Cyber Risk Quantification (CRQ) model;
Support the Global Head of CRCS Business Engagement with designing, managing and maintaining processes and engagement model for the CRCS Business Engagement function.
The role holder will manage CRCS activities to support Wholesale and, Markets & Security Services (MSS) business within CRCS Business Engagement team that is part of HSBC's 1LoD Cybersecurity Risk and Controls Strategy (CRCS) function. As such the role holder must possess significant controls management experience, strong stakeholder management skills and experience, in order to help deliver a unified approach to controls management across the Group.
The CRCS Business Engagement team is responsible for implementing each of the core areas of CRCS within business and geographies:
Cybersecurity Risk Quantification (CRQ) - development, implementation and management of a mathematical model calculating the impact of improvements made to our control environment on risk exposure reduction. Providing an industry leading opportunity to translate complex cybersecurity concepts into business-friendly information allowing to make informed decisions in line with our risk appetite.
Cybersecurity Controls Design - designing Procedures, Operating Instructions and Control Instances, expanding on the newly implemented Risk Taxonomy and Control Library. Define and maintain a detailed Cybersecurity Controls Catalogue, continuously improving our controls design and implementation requirements.
Metrics & Reporting - definition and management of Key Control Indicators and providing a 'front-door' service to Global Businesses, Functions and Regions for any queries related to KCIs and output of the new Cybersecurity Metrics dashboard
Continuous Control Monitoring - developing the approach, implementing and maintaining a process for ongoing control monitoring. Designing an approach for automated evidence collation to facilitate reviews from Chief Controls Office, Resilience Risk and Audit.
Risk & Controls Strategy - embedding CRQ into wider Operational Risk Management Framework and controls ecosystem. Tying together all other components of the function into a cohesive strategy to ensure robust end to end control management and risk quantification.
Internal Number: 824145
HSBC was born from one small idea: a local bank serving international needs. We started our business in Hong Kong in 1865. In 2015, HSBC celebrates its 150th year anniversary. Over the years, HSBC grew through expanding its branch network, offering new products and establishing its own investment banking arm.
We aim to be where the growth is, connecting customers to opportunities, enabling businesses to thrive and economies to prosper, and ultimately helping people fulfill their hopes and realize their ambitions.
• Located in 72 countries and territories
• Serving around 48 million customers
• Supported by over 268,000* people
• Head office in US is New York City
We aim to be dependable, open and connected in everything we do. We want to ensure that our employees feel able to stand up for what is right, highlight potential risks and act with integrity, even when faced with pressure to act otherwise. By doing so, we will be able to meet expectations of society, customers, regulators and investors. To make sure everybody at HSBC lives up to these values, they are a part of everyone's annual performance review.
At HSBC, you will find that we are dependable, o...pen to different ideas and cultures, and connected to customers, communities, regulators and each other. Our culture has a family feel to it – our employees are encouraged to work together to reach a common goal. This idea is supported and encouraged at the leadership level and passed down.
Our size and global reach mean more opportunities for you to grow your career with us.
We are looking for forward-thinking, driven, perceptive candidates to help our customers realise their hopes, dreams and ambitions.
This means people who are dependable, open to different ideas and cultures, and enjoy being part of a team; people who have the potential to become the future leaders of HSBC.
We encourage you to drive your own development and build your network within your office and around the world.
We provide the opportunities for you to connect with customers, colleagues and the communities in which we operate.