Head of Cyber Threat and Controls Assessment Latin America

Big Bank Funding. FinTech Thinking.

Our Technology teams work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world; to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.

Our multi-disciplined Technology teams include amongst others: DevSecOps engineers, technology operational teams, IT architects, front and back-end developers, infrastructure/cloud specialists, cybersecurity experts, Control Owners, and delivery teams (inc. project and programme managers).

Following extensive investment across our Technology and Digital domains and with plans for continued expansion throughout 2023 and beyond, we are currently seeking a Lead for Secure Development, to join the HSBC Cybersecurity team within the Global Technology team

 Head of Threat and Controls Assessment Americas

Role Purpose:

This role reports into the Global Head of Cyber Threat and Controls Assessment, closely collaborating with peers across Penetration Testing; Secure Development, Third Party Security Assessment, Vulnerability Management and Cybersecurity business and regional leads, enabling effective end-to-end vulnerability identification.

The candidate will be able to demonstrate: significant management and communication skills; experience in managing and influencing both teams and stakeholders from diverse backgrounds and cultures, often remotely, and; proven experience, skills and expert knowledge of IT security practices, DevSecOps practices, vulnerability management or similar (e.g. penetration testing). The role holder is required to engage with senior stakeholders including cybersecurity leadership, both globally and in regions, Technology teams including IT Operations, engineering and platform teams, change management, and cloud platform teams, stakeholders across all lines of defence: Chief Controls Office Technology, 2LoD Resilience Risk and 3LoD Internal Audit teams. Experience with Regulators, including from the USA, is a significant plus.

Main Activities:

• Drive outcomes and best practices in the Americas region (Canada, USA, Mexico, Brazil and Chile); acting as the senior point of contact for any Cybersecurity related issues.
• Represent Cybersecurity at regional senior management meetings, where you will be expected to articulate approaches/strategies and respond to challenges.
• Lead and support a team of Cybersecurity professionals, providing clear direction, set performance targets and contribute to employees’ professional development.
• Support, drive and continuously evolve the threat and controls assessment capabilities. This includes support/driving the development of self-service threat modelling supported by automation, and data-led thematic assessment of IT services and controls.
• Define, implement, operate and monitor the threat modelling for pre-deployment and post production, both via manual, ad-hoc and automated capabilities. This includes but is not limited to: on premise IT assets, cloud, infrastructure assets and business applications.
• Collaborate with the Global, Regional and Country representatives of Technology and other peer managers to implement the team’s goals within entity policy, expense and regulatory constraints.
• Lead and support peers within the Cybersecurity function to define and implement an industry leading Cybersecurity Service that supersedes our constantly changing information security threats.
• Contribute to the Sub-function/ Region Cybersecurity strategy to secure the bank’s technology from the inside out, whilst maintaining, protecting and enhancing HSBC’s values, reputation and stakeholder value.
• Responsible for ensuring effective engagement with Global Business/ Function/ Regions.
• Define, plan and lead change activities for driving capability uplift and process improvements.
• Work with the other regions to ensure a consistent approach to Threat and Controls Assessment.

Stay up to date on new industry trends and best practices

Qualifications Required:

What you will bring to the role; 

To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills:

Mindset

• An inquisitive approach, always asking how to achieve goals in a smarter and more effective way.
• An ability and interest to learn and experiment with new approaches, in different contexts, across the amazing scale that HSBC brings.
• Be a change-agent.

Good Risk and Controls understanding

• Knowledge and exposure of Risk and Control Management
• Ability to understand and assess both threats, controls and vulnerabilities, articulating these to both technical and business stakeholders.

Strong Technical background

• Proven experience in general security concepts and principles and application specific security concepts and principles.

• Proven experience working in a large scale, multi-national and technologically diverse environment.
• Hands on experience with threat modelling and strong technical understanding and experience of assessing vulnerabilities and identifying weaknesses in diverse enterprise IT assets.

• Strong understanding of applications design and architecture.
• Strong understanding of Software Development Life Cycle (SDLC) with a focus on security.

• Professional IT Security qualifications and/or certification.
• Knowledge of Governance, Risk & Compliance.
• Experience in continuous improvement and process optimisation.

• Knowledge and experience with network, host and application security practices.
• Excellent analytical skills, organizational skills, ingenuity and the ability to work as part of a team.

• Have a minimum of 10 years in a Cybersecurity role.
• Have a minimum of 3 years leadership (projects, resource etc.).
• Experience/ udnerstanding of secure development, vulnerability management and third party security assessment would be beneficial.

Strong stakeholder management and communications skills

• Experience of working in international and diverse environments.
• Experience in managing high-performing individuals in different geographies, often remotely.
• Experience in engaging with business, technology, regional and regulator stakeholders.
• Ability to communicate to executive leadership – effectively translating technical gaps into business risk.
• Ability to prepare concise presentations and updates for senior management.

Effective Team Lead combined with ability to complete tasks independently to a high quality

• Possess strong leadership skills to bring out the best in a team. This includes both direct leadership and cross-functional capabilities.
• Experience within fast-moving, complex and demanding corporate environments and able to provide appropriate direction to the team whilst dealing with ambiguity and change.

Interpersonal Skills

• Influential, credible and persuasive, active listener, embraces HSBC Values, shows good judgement and demonstrates high level of communication skills in order to achieve effective stakeholder management.

Location

• Some travel will be required – expected once to twice a year.
• The role-holder is expected engage with stakeholders and their teams in within the office, however we operate a highly flexible working arrangement for the right candidate whereby much of their time can be “remote".

Lenguage Level:

Advanced English

.

Due to the urgent hiring need, candidates with immediate right to work locally and no relocation need will be prioritised.

At HSBC we offer our colleagues a greater number of leave days so that they can fully enjoy their wedding, take care of the new member of the family, or grieve the loss of a family member. Our paid leave package is at the forefront in Mexico, now you have one more reason to be HSBC and proudly live a culture of well-being, balance, and care.

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

***Issued By HSBC***