GCP Security & Operational Compliance lead

  • Competitive
  • London, England, United Kingdom
  • Permanent, Full time
  • HSBC Bank plc
  • 17 Apr 19

GCP Security & Operational Compliance lead

Role Title: GCP Security & Operational Compliance lead
Business: Information Technology
New or Existing Role: New
Grade: GCB4

Role Purpose

  • The GCP Sec Ops and Ops Compliance lead will work within the Google Cloud platform team and be responsible for making sure all aspects of the platform are secure and all operational risks are managed. This will include ensuring that the Platform is resilient to meet Business requirements. Reporting to the GCP Service delivery Manager and engaging with Google, ITID, GCP DevOps engineers, Cyber Security, ITSR, GCP Product Managers, and customers to ensure that we are providing a platform that is available for the customer, is compliant with HSBC Security standards, Operational Risk standards and resilient to meet business needs.

Key Accountabilities
Responsibilities will include:
  • Ensure that GCP foundation platform conforms to HSBC Cyber Security standards
  • Work with cyber security to define Security patterns
  • Accountable for GCP foundation platform conformity to HSBC Operational Risk standards
  • Ensure the GCP Foundation Platform conforms to all regulatory requirements
  • Support the GCP Technical Architect in all Audit related tasks
  • Accountable for ensuring that robust SIEM (logging) and Monitoring processes are in place
  • Support the Service Delivery Manager to implement a 24 x 7 follow the sun support model
  • Ensure that Cyber security Identity and Access Management patterns are implemented
  • Create Business continuity plan for GCP platform and carry out regular tests in line with HSBC standards Business contingency standards.
  • Maintain and manage all customer facing Security information and knowledge bases
  • Gather requirements and provide continuous feedback loops between customers, Cyber Security and Engineering teams
  • Provide Management reporting to ensure data driven discussions for continuous improvement

The ideal candidate for this role will have the below experience and qualifications:
  • Experience working in a security related discipline
  • Experience working in a service assurance\service delivery team
  • Experience dealing and responding to IT Audit
  • Understanding of ITIL
  • Understanding of COBIT framework
  • Knowledge of PCI
  • Security professional certification
  • Understanding of Identity and Access Management principles (E.g. Privileged Access)
  • Experience in dealing with Cloud service providers (E.g. GCP,AWS, Azure)
  • Experience in dealing with multiple support groups that contribute to a service
  • Have worked in an enterprise Financial Services company
  • Customer/stakeholder focus. Ability to build strong relationships with Application teams, cross functional IT and global/local IT teams
  • Good leadership and teamwork skills - Works collaboratively in an agile environment with Stakeholders to deliver the service.
  • Excellent written and spoken communication skills; an ability to communicate with impact, ensuring complex information is articulated in a meaningful way to wide and varied audiences
  • Built effective networks across business areas, developing relationships based on mutual trust and encouraging others to do the same
  • A comprehensive understanding of risk management and proven experience of ensuring own/others' compliance with relevant regulatory processes
Essential Skills
  • Have experience working in an architecture team in an enterprise
  • Have experience managing stakeholders
  • Have excellent written, verbal and presentation skills
  • Demonstrable Risk Management knowledge
  • Keen problem solving skills (Analytical and Creative)
  • Experience working within an Agile environment
  • Ability to quickly acquire new skills

Desirable Skills
  • GCP Certifications
  • Security certification (CISSP,CEH,CISM)
  • Technical knowledge (CSP's, IAM, OS, CI/CD and automation tools)
  • Experience operating in highly regulated industry, e.g. Financial Services

As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation.

We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies

We are an equal opportunity employer and are committed to creating a diverse environment.

https://www.hsbc.co.uk/1/2/popups/uk-privacy-statement#/ overview