Cybersecurity DLP - Lead Analyst

If you’re looking for a career where you can make a real impression, join Global Service Center (GSC) HSBC and discover how valued you’ll be. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

We are currently seeking an experienced professional to join our team in the role of Cybersecurity DLP - Lead Analyst

Role Purpose:

Global Data Loss Prevention (GDLP) provides a coordinated suite of “Information Defence” services responsible for detecting and responding to information threats to HSBC assets across the globe and is under the management of the Head of Global Information Protection Response. This includes dedicated functions for the Monitoring of potential loss events within the global estate as well as Information Protection Incident Management and Response activities.  These two principal functions are supported by additional internal GCO capabilities in: Cyber Intelligence and Threat Analysis, Security Sciences and Client Engagement and Support Services.  Critical to the success of GDLP is its close partnership with sister Cybersecurity teams, IT Infrastructure Delivery, and Global Business and Function clients. The overall GDLP mission is placed under the purview of the Group Chief Information Security Officer (CISO).

Information Protection Response (IPR) acts as a strategic response function across the Group on a 24x7x365 basis where existing Information Security controls fail.  This function is charged with efficiently and effectively handling Data related incidents resulting from high severity events and confirmed incidents.  The objective is to ensure containment of the issue whilst maintaining close liaison with relevant internal and external parties ensuring an effective risk treatment plan is in place.  This mission is critical to the protection of HSBC customers, the HSBC brand, shareholder value as well as HSBC information and financial assets.

The Data Loss Prevention Operations Lead is accountable for:

• Managing triage and/or escalation of DLP events with local and regional DLP staff, regional teams, and the Information Protection Response (IPR) team to assist with risk assessment and resolution process.
• Collaborating with other local and global DLP Leads/SME and IPR Leads/Incident Managers to ensure co-ordination of workload and continuous 24x7 information security operations service provision. Raising cases and following up with support for any issues.
• Ensuring a comprehensive and smooth hand-over between the global teams as shifts end and begin.
• Developing and reporting metrics and KPIs related to the Data Loss Prevention mission to management in all areas of responsibility.
• Managing a highly skilled, efficient, and effective team of DLP Analysts in achieving their responsibilities, which include:
  • Protecting HSBC Internal, Restricted, and Highly Restricted data in relation to the global DLP monitoring & quarantine tool.
  • Following detailed processes and procedures in security incident response lifecycle and its phases to respond to alerts from DLP monitoring/detection systems within defined OLAs and, where appropriate, escalate data breach events.
  • Triaging potentially malicious events to determine severity of the event.
  • Supporting handovers to other teams and countries at the start and end of the working shift.
• Leading the continued evolution of data loss prevention capabilities and processes, including automation and orchestration
  • Assessing new technology products and projects utilizing security technologies pertinent to the function.
  • Maintaining a strong awareness of regulatory trends, legislation and industry best practice relating to DLP and Identifying and developing new ideas to enhance our DLP monitoring and response capability.
• Performance management and development of the DLP Analyst team.
  • Acting as a role model to more junior members of the team including training, developing, and mentoring colleagues.
  •  
  • Embedding a culture of individual self-improvement, development, and self-directed learning whereby staff are expected to maintain subject matter expertise within their area of focus and within the realm of cyber security more broadly.
  • Ensuring compliance with internal audit and external regulators.
  • Ensuring compliance with HSBC Cybersecurity policies and standards.
• Collaborating with other teams and industry groups on information security related issues and concerns.
• Educating Bank staff on personnel risks and controls pertaining to information security-related concepts, compliance, and audit requirements to drive a global up-lift in cyber-security and information protection awareness.
• Provide Service improvement to the management. Support the fine tuning of Monitoring rules.
• Responsible for implementing best security practices by understanding the business requirements.

Main Activities:

• function, engaging with colleagues across Cybersecurity, IT functions and the global businesses to drive and deliver sustainable threat monitoring and detection in alignment with risk-posture, architectural constraints, company strategic direction and industry trends and best practices.
• Supports business performance through clear thinking and the application of security focussed knowledge and experience whilst working under pressure in a time-critical, fast paced environment.
• Delivers sustainable business outcomes:

• • Continually reviews DLP events and contributes to the refinement of the policies leading to a reduction of false positive events.
  • Identifies processes that can be automated and orchestrated to ensure maximum efficiency.
  • Identifies risks and vulnerabilities and making cost-effective, reasonable recommendations.

• Drives delivery of the highest standards and outcomes, inspiring others to do the same.  Focus on medium- and long-term goals even when under pressure or facing uncertainty.  Manage expectations, results, and impact of agreed outcomes, thinking ahead to identify and overcome potential issues.

• Strategically develops and adopts innovative approaches to problem solving to gain performance and efficiency advantage, taking calculated, entrepreneurial risks to achieve security-aware, business and strategy aligned outcomes.
  
  Typical Targets and Measures.
  Measures benefits over the short, medium, and long term. Develops strategies to support the growth of the function, allowing for uncertainties and anticipating long term likely outcomes and implications.
• Recognises, values and makes the most of differences in people and cultures to build a sustainable future.
• Keeps up to date with best practice and industry trends, applying it to drive personal performance.
• Demonstrates and applies excellent business domain knowledge.
• Supports a working environment in which innovation is encouraged and embedded into working practices.

Customers / Stakeholders

• Leads a customer-focused and collaborative culture by championing customer and stake-holder engagement throughout the team.
• Demonstrates an understanding of customer and stakeholder requirements by providing specialist input and knowledge and having a detailed understanding of the different short- and long-term shifts in business/function patterns of activity and demand.
• Understands and interprets developments and changes in future business requirement and ensures the appropriate reaction and response through discourse and the implementation of relevant, security focussed, technical and procedural solutions. 

• Strengthens stakeholder relationships and enhances key relationships using rapport-building expertise and appropriate influencing skills to add and increase stakeholder advocacy.  Key relationships to include colleagues across the other Cybersecurity functions and external peers in the cyber security community, along with other regional counterparts across the globe, Cultivate strong relationships with organisationally important global and/or high value stakeholders with a tailored approach
  
  
  Promotes the most appropriate solution even if there are short term additional costs. Acts and engages resources to create new and innovative solutions to address and balance risk against customer needs.
• Balances business requirements and security risks, clearly articulating thought, and decision-making processes to stakeholders.
• Gathers information to deepen insight of internal customers.  Anticipates activity and drives/influences the development of business/function supporting, security focused strategies.
• Maintains strategically significant global and/or high value stakeholder relationships.

Leadership & Teamwork.

• Leads and develops the Data Loss Prevention Operations team, making sustainable decisions that protects and enhances HSBC’s values, reputation and stakeholder value. 

• • Manages Daily/Weekly/Monthly meetings and other team get-togethers.
  • Encourages and promotes enhancing team bonding, supports team projects, shadows teammates/line manager when in need by sharing responsibilities.

• Actively promotes and participates in a learning culture, encouraging collaboration and cross-functional working to assist in the development and nurturing of teams and to assist in the identification and growth of talent. 
• Actively seeks to engage a diverse group of stakeholders internally and externally to influence the achievement of best outcomes for all stakeholders.
• Builds rapport and mutual understanding to communicate and create opportunities for cross-business and/or international working, encouraging debate and open discussion.  Encourages people to build sustainable relationships beyond transactional levels and use empathy and insight to build better understanding of mutual benefits. 

• • Supporting HSBC’s Diversity programs and completing other related duties.

• Acts as an effective coach and mentor.  Contributes to the establishment of good coaching and mentoring practices throughout the team and across the wider GCO department.
  
  Contributes to individual and team reward and recognition systems and on-going development of effective performance management measures.
• Translates the required course of action into a clear and realistic vision.
• Identifies and builds relationships with key contacts and influencers.
• Effectively translates coaching requirements to organisational performance requirements and vice versa.  Designs and implements effective, individual and team/departmental coaching plans.

Operational Effectiveness & Control:

• Governs risk responsibly. Promotes effective, efficient and proportionate management of risk across regions, business areas and within their area of responsibility.
• Implements and communicates changes in policy and governance effectively, reinforcing risk processes within their area of responsibility. 
• Builds and sustains a risk aware culture. Shows integrity whilst promoting and managing relevant threat hunting requirements within their team. 
• Embeds efficient risk and compliance processes and procedures into business as usual practices.
• Builds collaborative relationships, defines and articulates to stakeholders the targeted benefits for a change intervention. 
• Demonstrates effective financial skills to develop a detailed business case, including investments, detailed benefits (financial, non-financial and strategic) and link to overall finances of the business.
• Supports the management of department finances.  Accurately interprets strategic financial information: makes insightful decisions in financial planning and programme performance monitoring. 

Identifies and highlights financial implications of risks/issues, involves stakeholders and supports management of budget variation as appropriate.

• Creates an environment that anticipates risks, ensuring action is taken to quantify and mitigate them.
• Builds plans and budgets which identify value and cost reduction opportunities. 
• Ensures reconciliation of expenditure against completed work and benefits realisation; recommends how to tackle any variance. 

Management of Risk (Operational Risk / FIM requirements)

• 
  The jobholder will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.
• The jobholder will also continually reassess the IT Security and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.

This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with entity management and/or the appropriate department.

Observation of Internal Controls (Compliance Policy / FIM requirements)

• Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
• The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified IT security risks.
• The jobholder will implement the group compliance policy by containing compliance risk in accordance with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer requirements. The term ‘compliance’ embraces all relevant financial services laws, rules, and codes with which the business has to comply.
• This will be achieved by adhering to all relevant processes/procedures and by liaising with compliance department about new business initiatives at the earliest opportunity. Also and when applicable, by ensuring adequate resources.

Qualifications Required:

Budget & People - This role will have no direct reports and no direct accountability for budgets.

Relationships - Key relationships include other Cybersecurity Service Lines and extends to peers across regions, other GB/GF and Security Function heads, BIRO’s and generally up to 2 level higher in the organisation, as well audit, regulators and key government agencies and security forums. Will also include external relationships with vendors, acting as a subject matter expert.

Regulatory & Risk Management - Working closely with Cybersecurity Functions and peers across the DBS function to deliver sustainable results, build strong relationships with internal and external stakeholders (risk, audit, government agencies, industry forums etc.) to understand the IT/Information Security risk profile, monitor compliance with policies and standards and identify and address any regional or country specific requirements. 

Strategic input - Providing influence and input to ensure alignment between Cybersecurity and GB/GF strategic outcomes and business goals.  Uses extensive technical knowledge and experience to solve complex problems and propose implementable solutions, to deliver ongoing improvements in line with business strategy.

Technology - The role holder will have excellent knowledge of their technical environment and will have significant influence in setting the way forward in the types of technology they utilise. Forward thinking, making the right decisions based on strategy.

Skills

• Excellent investigative skills, insatiable curiosity, and an innate drive to win.
• Proficiency in multiple technical disciplines, analytic and quality assurance techniques.
• Strong problem-solving and trouble-shooting skills.
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• Proven experience in crisis management, crisis response frameworks and communications. 
• Demonstrated project and task management skills and ability to track and report progress against established milestones, metrics, and deliverables.
• Self-motivated and possessing of a high sense of urgency and personal integrity.
• Instinctive and creative.
• Quick learner with an ability to share and transfer knowledge.
• Proficient in preparation of reports, dashboards, and documentation. Experience in maintaining various metrics and SLAs. Banking experience is preferred.
• Highest ethical standards and values.
• Experience defining and refining operational procedures, workflows, and processes to support the team in consistent, quality execution of monitoring and detection.
• Good understanding of HSBC cyber security principles, global financial services business models, regional compliance regulations and laws.
• An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business.
• Ability to work independently in a fast-paced environment as part of a distributed team with effective communication and collaboration skills.
• Strong written and oral communication skills. The ability to communicate effectively (clear, concise, and professionally) at all levels within the Bank.
• Ability to speak, read and write in English, in addition to your local language.

Technical Skills

• Must have worked as DLP practitioner/SME and lead the team.
• Hands-on experience implementing, managing, and monitoring security tools and technologies related to DLP, EDR, IAM, PAM, etc.
• Hands-on experience in security incident response lifecycle and its phases. Ability to handle, resolve data security incidents minimizing impact and respond to escalations.
• Strong knowledge of various data security tool & techniques such as DLP, CASB etc.
• Knowledge of industry cyber security regulations and standards.
• Knowledge of cyber security frameworks (e.g., ISO27001, NIST 800-53, HITRUST CSF, etc).
• Knowledge of various DLP systems including but not limited policy creation.
• Knowledge of risk assessment frameworks, tools, technologies, and methods; experience in planning, researching, and developing security policies, standards, and procedures, then performing testing and evaluation of documentation and controls with remediation recommendations.
• Good to have knowledge of tools used for network security (CASB, EDR, NIPS, WAF, HIPS, AV, Firewalls, etc).
• Knowledge of deploying or supporting enterprise logging infrastructure is a plus.
• Experience with or knowledge of cloud security frameworks on Azure, GCP and AWS is a plus.

Industry Experience and Qualifications

Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:

• 10 years of progressive experience in Data security and incident response.
• 4 years of experience in one or more of the following areas:
  • DLP security control maintenance
  • ITIL Foundation knowledge
  • Strong background in Security processes and incident management tools
• Experience in Information Technology or Information Security/Cybersecurity.
• Experience within an enterprise scale organisation; including hands-on experience of complex regulatory environments, preferably in the finance or similarly regulated sector.
• Professional certification of GIAC, SSCP, CISSP, CCSP, MCSE, or CNA/CNE is a plus.

Any suitable combination of education, training, or experience is acceptable.

Lenguage Level:

• English level – Advanced English profiency C1.

Due to the urgent hiring need, candidates with immediate right to work locally and no relocation need will be prioritised.

At HSBC we offer our colleagues a greater number of leave days so that they can fully enjoy their wedding, take care of the new member of the family, or grieve the loss of a family member. Our paid leave package is at the forefront in Mexico, now you have one more reason to be HSBC and proudly live a culture of well-being, balance, and care.

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

***Issued By HSBC Electronic Data Process Mexico Private LTD***