Cyber Intelligence and Technology Risk Officer
Some careers grow faster than others.
If you're looking for a career that will give you plenty of opportunities to develop, join HSBC and your future will be rich with potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
Retail Banking and Wealth Management leverages HSBC's global retail banking expertise and wealth management capabilities to deliver a broad range of world-class retail banking solutions to millions of customers. Driving for growth in key markets around the world, the business comprises areas such as retail banking, wealth management, insurance and asset management, with a focus on customer-centric propositions and innovative and efficient distribution channels that will differentiate our customer experience and deliver market leading retail banking and wealth management solutions.
We are currently seeking an experienced professional to join this team in the role of Cyber Intelligence and Technology Risk Officer. Principal Responsibilities:
- The country lead CITRO is responsible for assisting the Regional Head of CITRO for providing assurance to local business management that all Information and Cyber Security Risk (ISR) and Systems and Data Integrity (SDI) policies, controls, processes and projects within their respective line of business have been implemented and to ensure that proportionate and effective information security controls are established and maintained.
- The role involves facilitating the effective collaboration and alignment with the HOST, Second Line Risk functions ClOs / Heads of IT, CCO Technology teams, as well as the RBWM Senior Management in the country. The role holder will be accountable for the development, maintenance and embedding of a global HOST IT, Information Security Risk / Cyber risk engagement models for RBWM.
- The role holder will be expected to ensure the effective and timely reporting and escalation of risk using the risk management framework within RBWM. Further, the country CITRO will have a role in working with senior management to articulate their risk appetite and address key strategic risks, as well as to ensure that senior RBWM stakeholders have appropriate visibility as to their IT, Information and Security Risk, Cyber Risk, and Systems and Data Integrity risk. The Business CITRO should ensure appropriate challenge of RBWM when risk appetites are breached.
- The country CITRO will work jointly with the regional RBWM CITRO and as well as the country CITRO regional network to establish and develop a consistent, pragmatic and effective approach to IT related risks, Information Security, Cyber risk and Systems and Data Integrity risk.
- When required by the business, the CITRO can operate in a consultancy capacity for information security risks, in order to maintain a framework of controls appropriate to the line of business and in line with the business's risk appetite. The CITRO may provide guidance to the business regarding involvement of other key stakeholders (e.g. Information Security Risk and IT Security).
- Provide support to the local business with the implementation of information security controls, through engagement with Information Security Risk projects/programmes and Systems and Data Integrity controls as outlined in the Cyber Risk Standard Operating Procedures (SOP).
- Working with country CCO and regional Head of CITRO to develop and define a strategic direction, including defining risk appetites across RBWM, understanding the business need and addressing expectations and expressing these using Risk Indicators. The CITRO has a role in collaborating with IT, Information Security Risk, Cyber Risk and Systems and Data Integrity risk professionals in order to support RBWM on a global and regional basis, driving consistency and high standards. The CITRO has a role in acting as a leader of the local CITRO network, projecting a professional and competent image of the CITRO network, in line with HSBC's values and behaviours.
- Risk Management - Have a high level and extensive amount of IT, Information Security Risk and Cyber Risk Management knowledge to face off appropriately to the different risk managers in the Group and also external parties. Understanding of the Fraud and Risk characteristics of key products and channels.
- Strategy / Vision - Be able to implement a vision and strategy for risk capability within a market and communicate to key stakeholders and get their buy-in.
- Influence - Have gravitas that will be obvious to all engaged teams of HSBC, which will enable face off to senior SFR managers and HOST stakeholders in order to win their confidence and help influence their decisions. Must be able to engage with senior business leaders, CROs, COOs, BRCMs, BIROs and board level management.
- HSBC Knowledge - A detailed understanding of HSBC and how it works including people, process and technology.
- Business Knowledge - Knowledge of all major areas of a Global Banking and Financial Services organization including Retail Banking, Investment Banking, Commercial Banking and Private Banking.
- Technology Knowledge - Good level of understanding of diverse technology including infrastructure, network and applications. Experience in large enterprise systems development lifecycle. High levels of understanding of fundamental information security controls, principles and technology.
- Change Delivery - A very strong change delivery track record in large global organizations. Demonstrated record of delivering global programmes.
- Span of Control - A proven track record of managing large global complex areas in terms of operations, processes, headcount and budget.
- Communication - Have excellent communication skills to be able to build relationships with key internal & external stakeholders and be able to sell a strategy and vision.
- Style - A change agent who is not afraid to change the status quo in order to drive Group strategy with the discipline to recognize when existing people, process and technology can fulfill business needs.
- Academics : Highly desirable - BA, BSc or BEng university degree in a relevant field. Postgraduate degree in a relevant field a plus (MSc, MBA or PhD).
- Language: Must have business English fluency. Spanish, Mandarin or another major world language considered a plus. For market specific roles, local language skills strongly recommended.