USNLX Diversity Jobs

HSBC Head of Cybersecurity Risk and Controls Business Engagement in Buffalo, New York

Description

Our purpose – Opening up a world of opportunity – explains why we exist. Here at HSBC we use our unique expertise, capabilities, breadth and perspectives to open up new kinds of opportunity for our more than 40 million customers. We’re bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.

Big Bank Funding. FinTech Thinking.

Our technology teams work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world to bank quickly, simply, and securely. We also run and manage the IT infrastructure, data centers and core banking systems that power the world’s leading international bank.

Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and program managers.

We are currently seeking a Head of Cybersecurity Risk and Controls Strategy (CRCS) Business Engagement for the Americas Region, to join HSBC’s Cybersecurity team within Technology.

Brief overview of the business areas:

The Cybersecurity function is responsible for enabling businesses and functions to manage their Information and Cybersecurity risks as well as ensuring risks and controls are assessed and implemented appropriately, objectively and independently through professional and specialized subject matter experts.

What you will be doing:

The Head of CRCS Business Engagement for the Americas will play a key role in coordinating activities required to implement the Cybersecurity Risk and Controls Strategy across the Region. This role will report into the Global Head of CRCS and the Chief Information Security Officer for the Americas, and closely collaborate with the CRCS Business Engagement Leads supporting other regions and businesses HSBC operates in, as well as with the rest of core CRCS functions. Key responsibilities of the role include establishing and executing processes across the Americas to strengthen engagement for control design and monitoring, tailoring metrics and management updates across all tiers of the organization, ensuring an accurate reflection of cybersecurity risks and controls across the environment, and participating in response to independent challenge of same.

The ideal candidate will possess strong leadership and communication skills, a wide knowledge across all cybersecurity domains, the ability to craft and champion well-articulated risk analysis, and experience in managing international stakeholders. The role holder will be required to manage engagement with senior stakeholders including the regional and business CIOs and COOs; Cybersecurity Leadership and staff; regional, in-country and global business teams; Chief Controls Office (CCO) Technology, Independent Risk and Internal Audit teams.

As our Head of Cybersecurity Risk and Controls Business Engagement you will:

Key Accountabilities:

  • Building out, leading and managing the CRCS Business Engagement activities to the Americas Region

  • Working closely with core CRCS functions and the wider Cybersecurity teams to ensure the designed controls are embedded, fully understood and adhered to, emphasizing adoption at the business and regional level

  • Representing CRCS in regional and business senior management forums

  • Working with the Control Owners, Independent Risk, Internal Audit and CCO Technology to ensure that the Cybersecurity owned controls in the Risk and Controls Library and federated controls owned by the business, are designed according to the Bank’s requirements and industry standards and best practices (e.g. NIST CSF)

  • Working with Cybersecurity Control Design and Continuous Control Monitoring teams to ensure local control issues are properly fed into global control design, monitoring and governance

  • Working with Cybersecurity MI & Reporting team to feed requirements from the business and geographies, ensuring continuous evolution of MI reporting, tailored to our global audience

  • Working with Cybersecurity Risk & Control Strategy (CRCS) teams to ensure that the measurements defined provide sufficient data for regional and business stakeholder reports and are aligned with the Cyber Risk Quantification (CRQ) model

  • Support the Global Head of CRCS with designing, managing and maintaining processes and engagement model for the CRCS Business Engagement function

The role holder will manage CRCS activities to support the Americas Region within CRCS Business Engagement team that is part of HSBC’s 1LoD Cybersecurity Risk and Controls Strategy (CRCS) function. As such the role holder must possess significant controls management experience, strong stakeholder management skills and experience, in order to help deliver a unified approach to controls management across the Group.

The CRCS Business Engagement team is responsible for implementing each of the core areas of CRCS within business and geographies:

  • Cybersecurity Risk Quantification (CRQ) – development, implementation and management of a mathematical model calculating the impact of improvements made to our control environment on risk exposure reduction. Providing an industry leading opportunity to translate complex cybersecurity concepts into business-friendly information, allowing informed decisions to be made in line with our risk appetite

  • Cybersecurity Controls Design – designing Procedures, Operating Instructions and Control Instances, expanding on the newly implemented Risk Taxonomy and Control Library. Define and maintain a detailed Cybersecurity Controls Catalogue, continuously improving our controls design and implementation requirements

  • Metrics & Reporting – definition and management of Key Control Indicators and providing a ‘front-door’ service to Global Businesses, Functions and Regions for any queries related to KCIs and output of the new Cybersecurity Metrics dashboard

  • Continuous Control Monitoring – developing the approach, implementing and maintaining a process for ongoing control monitoring. Designing an approach for automated evidence collation to facilitate reviews from Chief Controls Office, Resilience Risk and Audit

  • Risk & Controls Strategy – embedding CRQ into wider Operational Risk Management Framework and controls ecosystem. Tying together all other components of the function into a cohesive strategy to ensure robust end to end control management and risk quantification

For this role, HSBC targets a pay range between $148,300.00 and $222,500.00

The final fixed pay offer will depend on the candidate and a number of variables, including but not limited to, role responsibilities, skill set, depth of experience and education, licensing/certification requirements, internal relativity, and specific work location.

At HSBC, our overall goal is to provide a competitive Total Reward Package, with an appropriate mix of fixed pay, and variable pay, as part of an employee’s overall total compensation and benefits. Variable pay generally takes the form of discretionary, annual awards (sometimes referred to as a “bonus”). Additionally, HSBC offers a wide range of competitive and flexible benefits designed to help you improve your health and well-being, finances, and lifestyle.

Qualifications

To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills:

Strong Risk and Controls Background

  • Significant, subject matter expertise in Cybersecurity Controls. This includes but is not limited to controls design and implementation and control assessment, as well as MI and executive reporting

  • Ability to translate difficult IT concepts into business-friendly language

  • Experience with Technology risks and controls. Advanced knowledge of Cybersecurity is a must

  • Expert understanding of inherent/residual risk principles as well as effective/sustainable control design

Technical background

  • Wide general cybersecurity knowledge; understanding of Cybersecurity concepts such as threats, vulnerabilities, attack vectors

  • Understanding metrics and measures in managing risks and controls (KPIs, KCIs, KRIs) is a must

  • Familiarity with the NIST Cyber Security Framework (CSF) would be beneficial

  • Knowledge of Center for Internet Security (CIS) Measures and Metrics is a plus

  • Experience with GRC Tools (such as HELIOS, ServiceNow, Archer) is a plus

  • Understanding of regulatory landscape

  • 7-10 years’ experience

Strong stakeholder management and communications skills:

  • Utmost attention to detail, ensuring accuracy, completeness, and quality of all work products

  • Experience of working at an operational level in international environments which drive a true international perspective

  • Experience in managing/engaging with individuals in different geographies and cultures

  • Experience in creating and reviewing executive reports (up to board level)

  • Experience in dealing with Senior/Executive Management, internal and external audit

  • Experience in dealing with senior management, business and wide array of global stakeholders

  • Experience in dealing with regulators within jurisdictions across the Americas region

Team-oriented mentality combined with ability to complete tasks independently to a high quality standard

  • Experience within fast-moving, complex and demanding corporate environments where Cybersecurity controls issues have to be handled on a large scale and with a need to multi-task whilst dealing with ambiguity and change

Interpersonal Skills

  • Influential, credible and persuasive, active listener, embraces HSBC Values, shows good judgement and demonstrates a high level of communication skills in order to achieve effective stakeholder management

Come Power a Business that Defines How to Power the World

As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation.

We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies.

In compliance with applicable laws, HSBC is committed to employing only those who are authorized to work in the U.S. Applicants must be legally authorized to work in the U.S. as HSBC will not engage in immigration sponsorship for this position.

As an HSBC employee, you will have access to tailored professional development opportunities to ensure you have the right skills for today and tomorrow. We offer a competitive pay and benefits package including a robust Wellness Hub, all in a welcoming, diverse and inclusive work environment. You will be empowered to drive HSBC’s engagement with the communities we serve through an industry-leading volunteerism policy, a generous matching gift program, and a comprehensive program of immersive Sustainability and Climate Change Initiatives. You’ll want to join our Employee Resource Groups as they play a central part in life at HSBC, including the development of our employees and networking inside and outside of HSBC. We value difference. We succeed together. We take responsibility. We get it done. And we want you to help us build the bank of the future!

All qualified applicants will receive consideration for employment without regard to age, ancestry, color, race, national origin, ethnicity, disability or medical condition, genetic information, military or veteran service, religion, creed, sex, gender, pregnancy, childbirth, caregiver status, marital status, citizenship or immigration status, sexual orientation, gender identity or expression or any other trait protected by applicable law.

Job Field: Digital

Primary Location: North America-United States-New York-Buffalo

Other Locations: North America-United States-New York-New York

Req ID: 0000KW3G
