Principal Security Assurance Engineer (Sal) - Zing

About Zing

Zing is a brand new fintech designed to make international money worry-free for anyone who sends, spends, or converts international currencies. Zing has been developed within the HSBC Group to work for anyone, even if they don’t have a HSBC account, so we can be an agile fintech whilst reaping the benefits of having one of the world’s biggest international banks as our parent. We’ve recently launched in the UK and have ambitious plans to scale both within the UK and internationally at pace. 

Check us out:-https://www.zing.me/.

Why join Zing?

We’re only at the start of our exciting journey but already have generated significant media interest. If you want to help build out a highly visible global fintech and work with a global bank as a partner, then this is the opportunity for you!

• Competitive package + benefits

• Hybrid work arrangements and flexible working hours

• A dynamic and challenging working environment

• Responsibility from day one in a fast growing and global company, in a startup context

• A vibrant and international team with a diverse background

• Regular social and team events

If you’re looking for a career that will help you stand out, join Zing by HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, Zing by HSBC offers opportunities, support and rewards that will take you further.

Purpose

To cope with our expansion, we are looking for a Principal Security Engineer (SAL) to join our team. As a Security Assurance specialist, you will be responsible for ensuring the security of our systems, applications, and infrastructure through threat modeling assessment, security architecture reviews, and third-party security reviews. You will play a critical role in maintaining a robust security posture and mitigating potential risks and vulnerabilities.

What you’ll be doing

• Lead and oversee Security Assurance activities, including threat modeling assessments, security architecture reviews, and third-party security reviews. 

• Conduct threat modeling assessments to identify and evaluate potential security threats, vulnerabilities, and risks associated with our systems, applications, and infrastructure. 

• Perform security architecture reviews to assess the effectiveness of security controls, identify weaknesses or gaps, and provide recommendations for improvement. 

• Conduct comprehensive security assessments of third-party vendors, including security questionnaires, on-site audits, and documentation reviews, to ensure their compliance with security requirements and standards. 

• Collaborate with cross-functional teams, including development, IT, and operations, to integrate security into the software development lifecycle and ensure secure coding practices. 

• Provide guidance and recommendations for secure design principles and best practices to development teams and architects. 

• Stay up to date with emerging security threats, vulnerabilities, and industry best practices, and proactively recommend security enhancements and controls. 

• Develop and maintain Security Assurance frameworks, methodologies, and documentation to support the ongoing security assessment and review processes. 

• Work closely with stakeholders to communicate security risks, findings, and recommendations in a clear and actionable manner. 

• Collaborate with internal and external auditors to support security audits and compliance assessments. 

What we are looking for

• Proven experience in security assurance, threat modeling assessment, security architecture reviews, and third-party security reviews. 

• Strong knowledge of security frameworks, standards, and best practices, such as NIST, ISO 27001, and OWASP. 

• Familiarity with security assessment tools and methodologies. Solid understanding of software development lifecycle (SDLC) and secure coding practices. 

• Relevant certifications (e.g., CISSP, CISM, CSSLP) are highly desired. 

• Excellent analytical and problem-solving skills, with the ability to assess risks and provide practical security recommendations. 

• Strong communication and interpersonal skills, with the ability to effectively interact with stakeholders at various levels of the organization to drive security initiatives

• Experience working in a collaborative team environment

Great to have

• Enjoy working in a fast-paced environment that is all about building things, creating new stuff, and disruptive technology that keeps us on the cutting edge of fintech

If you are passionate about Security Assurance, possess strong analytical skills, and have a proven track record in threat modeling assessment, security architecture reviews, and third-party security reviews, we encourage you to apply for this challenging opportunity. 

This role is based in London and offers hybrid working.

Opening up a world of opportunity

Being open to different points of view is important for our business and the communities we serve. At HSBC, we’re dedicated to creating diverse and inclusive workplaces. Our recruitment processes are accessible to everyone -  no matter their gender, ethnicity, disability, religion, sexual orientation, or age.

We take pride in being part of the Disability Confident Scheme. This helps make sure you can be interviewed fairly if you have a disability, long term health condition, or are neurodiverse.

If you’d like to apply for one of our roles and need adjustments made, please get in touch with our Recruitment Helpdesk:

Email: hsbc.recruitment@hsbc.com