If you're looking for a career where you can make a real impression, join HSBC and discover how valued you'll be. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
HSBC Digital Business Services is a pivotal part of the Group, providing essential operational and technical support to our global businesses and helping improve customer service and efficiency. Digital Business Services combines global expertise and technology to help keep us ahead of the competition.
We are currently seeking a high calibre professional to join our team as anCybersecurity Simulations and Exercise Lead.
Principal Responsibilities
Role Description
The Cybersecurity Simulations & Exercise Lead is accountable for:
Creating and delivering tabletop exercises suitable for the various business lines and technology teams, taking responsibility for timely planning and execution of these exercises
Coordinating actions of various business units during the planning stages of an engagement to ensure timely delivery
Create live exercises to test parts of processes in a live environment
Support Red Team attack simulations analysing Operations response and assigning appropriate accountable parties to lead improvement actions
Manage the completion of post engagement reporting, assessing the response of the participants in line with documented procedures and industry standards
Facilitate after exercise meetings, explaining the findings and the potential impact and possible improvements
Cultivating close working relationships with regional Cybersecurity leads, Business Information Risk Officers (BIROs) and Risk Managers whose support and knowledge are vital in delivering the remediation of security incidents
Maintaining a strong awareness of technology trends and industry best practice, to enable the provision of informed advice and guidance to HSBC Business functions and HSBC IT
Developing, defining, validating and maintaining detailed processes and procedures to allow the consistent management of the response to cyber security incidents
Working with the Incident Management Team on live Incidents periodically to gain experience and exposure to processes and response capabilities
Directly contributing to the continued technical enhancement of the security platforms
Leading the continued evolution of incident management and response capabilities and processes, including automation and orchestration
Training, development and mentoring of other members of the Incident Management and Response team, as well as other members of the Global Cybersecurity Operations function
Supporting a "self-critical" culture whereby identification of weaknesses in the bank's control plane (people, process and technology) are brought to light in an effective manner and addressed
Supporting a culture of individual self-improvement whereby staff are expected to maintain subject matter expertise within their area of focus and within the realm of cybersecurity more broadly
Requirements
Certifications, Qualifications & Experience:
Skills
An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business
An understanding of organisational mission, values and goals and consistent application of this knowledge
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
An ability to perform independent analysis of complex problems and distill relevant findings and root causes
An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative and actionable manner
A team-focused mentality with the proven ability to work effectively with diverse stakeholders
Self-motivated and possession of a high sense of urgency and personal integrity
Highest ethical standards and values
Excellent understanding of HSBC cyber security principles, global financial services business models, regional compliance regulations and applicable laws
Excellent understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including; OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards
Experience of 3rd party/peer/regulatory/governmental information sharing and disclosure platforms and/or processes
Proven ability and experience of working in a high-pressure, fast paced environment where bold, time critical decision making is essential
Proven experience in crisis management, crisis response frameworks and communications
Ability to orchestrate, manage and successfully implement major procedural and technological change within a complex, global organisation
Ability to speak, read and write in English, in addition to your local language
Technical Skills
Excellent knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation and remediation
Good knowledge and demonstrated experience of common cybersecurity technologies such as; IDS / IPS / HIPS, Advanced Anti-malware prevention and analysis, Firewalls, Proxies, MSS, etc
Good knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suits
Good knowledge of common enterprise technology infrastructure, platforms, middleware, databases, applications and tooling, including; Windows, Linux, infrastructure management and networking hardware
Good knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques and procedures in order to inform adjustments to the control plane
Good knowledge and technical experience of 3rd party cloud computing platforms such as AWS, Azure and Google
Industry Experience and Qualifications
Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this roleare as follows:
8+ years of experience in a senior incident management role
Extensive experience within an enterprise scale organisation; including hands-on experience of complex data centre environments, preferably in the finance or similarly regulated sector
Industry recognised cyber security related certifications including; SANS GSEC, GCIH and/or CISSP
Formal education and advanced degree in Information Security, Cyber-security, Computer Science or similar and/or commensurate demonstrated work experience in the same
You'll achieve more when you join HSBC. http://www.hsbc.com/careers
HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.