Requirements

Operating system

Windows

Our requirements

• Risk and Controls Background: subject matter expertise in Control Monitoring and Assessment, ability to translate difficult IT concepts into business-friendly language, experience with Technology risks and controls.
• Technical background: knowledge of Cybersecurity – at least a generalist with specialist area expertise welcome, possession of recognized certificates will be an advantage, understanding of metrics and measures in managing risks and controls (KCIs, KRIs, KPIs) is a must, technical writing skills and highly proficient use of written English is required to ensure quality output for Control, Policies, Procedure and Standards design and maintenance.
• Strong stakeholder management and communications skills: experience of working at an operational level in international environments which drive a true international perspective; managing stakeholders including the Group CISO, Cybersecurity Leadership and staff, Chief Controls Office and Resilience Risk teams.
• Team-oriented mentality combined with ability to complete tasks independently to a high-quality standard: experience within fast-moving, complex and demanding corporate environments where Cybersecurity controls issues must be handled on a large scale and multi-task.
• Interpersonal Skills: influential, credible and persuasive, active listener embraces HSBC Values, shows good judgement and demonstrates high communication skills to achieve effective stakeholder management.

Your responsibilities

• Represent Cybersecurity Controls in senior management forums.
• Work with the Control Owners and other stakeholders to ensure timely execution of self-assessments.
• Collect and maintain accurate evidence and maturity scoring reviews for cybersecurity controls.
• Ensure that the defined controls are compliant with Legal/Regulatory/Internal requirements and that measurements provide sufficient data for stakeholder reports.
• Work with Enterprise Risk Management, Chief Control Office and Audit (internal and external) to ensure that the Cybersecurity owned controls are monitored, assessed and tested according to the internal requirements, Risk Management Framework (RMF) and industry standards and best practices.
• Manage escalation of issues through appropriate channels based on the results of oversight process.
• Ensure improvement actions are updated regularly and aligned to the control objectives.