Business Information Risk Officer (BIRO)

  • GBP600 - GBP650 per day
  • London, England, United Kingdom
  • Contract, Full time
  • HSBC Bank plc
  • 06 Dec 2017


The Business Information Risk Officer is responsible for providing timely, quality advice to the business and for shaping the information security and cyber risk management activities in the region. The role does this by actively participating in the RCA process and providing SME input on all aspects (risks, controls, remedial actions) of the information security and cyber risks in the business.

  • Responsible for providing information security, cyber and technical SME input to the business in support of their risk management activities, translating technical risk and control related aspects to non-technical business
  • Supporting the business in ensuring that information security risks in the RCAs are adequately assessed, documented, gaps identified and appropriate remedial actions agreed. Support the business in developing and executing appropriate ICMPs.
  • Accountable for taking the lead for information security & cyber risks, ensuring these are adequately understood, assessed and documented in RCAs
  • Responsible for providing Business and GBM CCO management with a view of their information risk landscape through appropriate metrics and timely updates.
  • Serve as the cyber and information security SME for the Business, translating technical controls, Group remediation and other information technology activities to business understood terms which help drive the risk management
  • Responsible for undertaking deep dives of cyber and information technology issues, as directed by the Chief Control Officer or Global Lead BIRO and recommending practical remediation activities.
  • Responsible for engaging with ISR and other 2nd LOD functions, responding to 2LoD requests and ensuring 2LoD observations are understood and where required remediation plans are in place.
  • Accountable for developing and maintaining an engaged and active network of DBIROs, ensuring DBIRO responsibilities are performed as documented in the DBIRO Roles & Responsibilities
  • Responsible for cultivating a culture of information security awareness & good conduct through regular communications, awareness, training and an engaged and knowledgeable Department BIRO (DBIRO) network
  • Responsible for assisting the Business in the identification, documentation and resolution of information risk issues and control gaps.
  • Responsible for engaging with key supporting functions like Cybersecurity, ITID, HOST etc., ensuring that non-GBM-led remediation is understood and GBM responds appropriately.
  • Become a key member of the GBM CCO organisation, as an information security and technology SME, and support the Global CCO organisation in the embedding of a consistent global risk management framework

Technical Skill Requirements

  • Strong understanding of information security & cyber risks and potential mitigating actions, industry / good practice risk/control frameworks
  • Strong understanding of information technology and technology control requirements as well as associated industry frameworks
  • Good understanding of related risk/control disciplines (Operational Risk,
  • Flexibility in working arrangements, as the role may require irregular working hours

Educational Requirements

  • Information Security certifications, e.g. CISA, CISM etc., will be an advantage

Personal Skill Requirements

  • Highly developed influencing and relationship management skills, particularly at the senior business level
  • Excellent written communication, research and analytical skills
  • Good negotiating skills
  • Ability to work autonomously, under minimal supervision
  • Good team and network management skills


  • Managing information security in financial services, preferably an investment bank
  • Management or review of technology risks and controls
  • Performance of risk and controls assessments related to information technology and information security