Must have

• Cybersecurity

• Technical Writing

• Stakeholder management

• English

Requirements description

What you need to have to succeed in this role

• Expertise in Risk and Control Management (controls design and implementation and control assessment)
• Ability to translate difficult IT concepts into business-friendly language; Experience with Technology risks and controls.
• Knowledge of Cybersecurity – at least a generalist with specialist area expertise welcome.
• Understanding of metrics and measures in managing risks and controls (KCIs, KRIs, KPIs) is a must;
• Technical writing skills and highly proficient use of written English is required to ensure quality output for Control, Policies, Procedure and Standards design and maintenance.
• Experience of working at an operational level in international environments which drive a true international perspective and senior stakeholder management skills
• Experience within fast moving, complex and demanding corporate environments where Cybersecurity controls issues have to be handled on a large scale and with a need to multi-task whilst dealing with ambiguity and change.
• Ability to identify and remediate challenges in (governance) processes and must be able to get Capability owners, Controls Owners and Control SMEs to respond to issues.

Offer description

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Your career opportunity

Cybersecurity Controls Design and Oversight Lead will play a key role in the design and maintenance of the Cybersecurity control environment. The role holder will be tasked with defining and maintaining operational controls instances, their measurements as well as Policies, Standards and Procedures for Group Cybersecurity.

Your responsibilities

1. Working with the Control Owners, 2LoD and CCO Technology to ensure that the Cybersecurity owned controls in the Risk and Controls Library are designed according to the Bank’s requirements and industry standards and best practices (e.g. NIST 800-53);
2. Working with the Control Owners and other stakeholders to ensure that Cybersecurity control measurements are defined in accordance with HSBC’s KCI Design Framework and industry best practices (CIS);
3. Working with CTE and CMT teams to ensure that the defined controls are compliant with Legal/Regulatory Mandatory requirements and that measurements provide sufficient data for stakeholder reports;
4. Design, manage and maintain Policies, Standards and Procedures for Cybersecurity controls, covering all areas across Engineering, Operations and Security Assessment and Testing.