Control Owner - Authentication and Authorisation Management
Join a digital first bank that’s powered by people.
Our technology team builds innovative digital solutions rapidly and at scale to deliver the next generation of banking services for our customers around the world.
In our cybersecurity team you’ll be helping to safeguard the financial system on which millions of people depend.
You’ll be making banking more secure by designing, implementing, and operating controls to manage cybersecurity risk. You’ll help define HSBC Group cyber security standards, deliver Global Security Operations ad Threat management services, provide round-the-clock monitoring and security incident response services, and oversee Network/Application/Infrastructure Security. The work you do will provid3e assurance of the adequacy and effectiveness of security controls to Business Risk Owners.
The role of the Head of Authentication and Authorisation is to develop, implement and monitor centralised Group IAM authentication controls for HSBC staff. The ideal candidate will have a strong background in Information Security and IAM and be responsible for ensuring the protection of sensitive data and systems through effective authentication control practices for at least the following:
• Primary authentication (e.g., Centralised Directory Services)
• Enhanced authentication (e.g., Multi-Factor Authentication)
This includes assessing and reporting on the status of the HSBC IT estate's compliance to Authentication Policy, Standards, and Operational Risk Controls.
As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.
In this role you will:
• Develop, implement, and maintain authentication control policies and procedures to ensure the protection of sensitive data and systems. Monitor authentication control activities to ensure compliance with policies and procedures and report on this by introducing relevant Key Control Indicators (KCI’s
• Collaborate (as the control SME) with cross functional teams, including Cybersecurity, IT, and business units, to ensure authentication control strategies align with organisational goals and requirements.
• Manage authentication control lifecycle activities, including authentication credential generation, distribution, storage, use and destruction.
• Stay current on industry trends and advancements in authentication controls to identify opportunities for enhancement, automation, and innovation. Scanning the internal/external (regulatory and audit) requirements for the IAM function in relation to the authentication control and ensuring that the policies and procedures are updated accordingly.
• Develop and deliver training and awareness programs to educate stakeholders on authentication control practices and responsibilities.