Head of Cybersecurity Risk & Controls and Regulatory Compliance
Join a digital first bank that’s powered by people.
Our technology team builds innovative digital solutions rapidly and at scale to deliver the next generation of banking services for our customers around the world.
In our cybersecurity team you’ll be helping to safeguard the financial system on which millions of people depend.
You’ll be making banking more secure by designing, implementing, and operating controls to manage Cybersecurity Risk. You’ll help define HSBC Group cyber security standards, deliver Global Security Operations and Threat management services, provide round-the-clock monitoring and security incident response services, and oversee Network/Application/Infrastructure Security. The work you do will provide assurance of the adequacy and effectiveness of security controls to Business Risk Owners.
The Global Head of Cybersecurity Risk & Controls will play a key role in coordinating the activities required to implement the Cybersecurity Risk and Controls Strategy globally, in partnership with Control Owners and SMEs. This role will report into the Global Head of Business Engagement, whilst closely partnering with Regional and Business Information Security Officers. The key part of the role will be leading on the design, oversight and reporting of Cybersecurity controls.
The ideal candidate will possess strong leadership and communication skills, wide knowledge of the risk and controls space as well as of all cybersecurity domains, and strong experience in managing international teams and stakeholders. The role holder will be required to manage a global team and stakeholders including the Control Owners; regional and business CIOs and COOs; Cybersecurity Leadership and staff; Chief Controls Office (CCO) Technology; 2LoD Resilience Risk; and 3LoD Internal Audit teams.
As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.
In this role you will:
• Build out, lead and manage a new Global merged team combining Cybersecurity Risk & Controls capabilities.
• Work with the Control Owners, wider CBE team, 2LoD, 3LoD and CCO Technology to ensure that the Cybersecurity-owned controls in the Risk and Controls Library, and the federated controls owned by the business, are designed according to the Bank’s requirements and industry standards and best practices (e.g. NIST FSS) and embedded across the business and regions.
• Lead on reporting capabilities to enable oversight of control effectiveness through Key Control Indicators, as well as to ensure these are tailored and consumed by the business and regions.
• Conduct periodic maturity assessments of Cybersecurity controls against industry best-practice frameworks (e.g. NIST) in partnership with independent/external suppliers.
• Drive continuous improvement and embedding of the Cybersecurity Risk Quantification (CRQ) model to enable data-driven risk assessment and oversight.