Chief Information Security Officer (CISO)

Cybersecurity manages the IT infrastructure security and supporting services that are critical for HSBC employees and customers, such as cost-efficient hardware, system software, middleware and databases, data centers, voice and data networks, ATMs, desktops and other devices. The technology area comprises five functions: Client Services, Enterprise Services and Architecture, Data Centre and Service Management, Relationship Management, Project Management and Risk and Administration. Collectively, these areas define and deliver HSBC’s technology strategy to support the Group’s goals. 

 
We are currently seeking an ambitious individual to join in the role of Chief Information Security Officer (CISO).

Principal Accountabilities

• Responsible for overall ownership of Cybersecurity Risk and Regulatory issues in Bangladesh and implementation of controls for effective risk management.
• Responsible for understanding all the technology related process and risks in country. Identify threats/ vulnerabilities and determine corresponding remediation action.
• With the global nature of Technology and Cybersecurity Risk, challenge of meeting regulatory policy/ demands, digitalization, the job holder often has to communicate with various senior risk teams, global control/issue owners, senior businesspersons and external regulatory parties requiring technical and analytical skills, effective communication skills, leadership and presentation skill.
• Ensure compliance with internal audit and external regulators that any organizational changes are fit for purpose and meet their expectations.
• Arrange cybersecurity awareness session to enhance the overall capability of the function.
• Build and maintain strong relationships with related government agencies, Central bank etc.  Represent HSBC's strategic direction with regard to legal and regulatory requirements.
• Participate in the design and implementation of innovative Cybersecurity solutions
• Perform technology implementations and develop/pilot advanced security technologies across the HSBC portfolio
• Operate as part of a global team and responsible for monitoring multiple HSBC networks simultaneously using the latest threat detection technologies to detect, analyze and respond to cyber security threats and incidents.
• Follow detailed processes and procedures to identify and respond to these threats and incidents, escalating to Senior Analysts based on the severity and potential impact of the threat or incident.
• Perform and execute activities to ensure end to end assurance around security processes and controls
• Analyse and execute activities to ensure compliance with HSBC Cybersecurity policies and standards
• Support Senior Managers in the delivery of a Cybersecurity strategy for a team to secure the bank’s technology from the inside out, whilst maintaining, protecting and enhancing HSBC’s values, reputation and stakeholder value
• Assist and support implementation of emerging technology (e.g: AI/ML, Blockchain, Cloud) solution.
  
  

Experience, Skills and Qualifications

• Bachelor from a public/private university preferably from Information Technology background
• Experience in Project Management, Risk Management, Audit, Information Security etc.
• Certifications on ISO270001, CEH, CISA, CISM, CISSP, CRISC, CCSP will be added advantage
• Strong leadership, interpersonal, communication, problem solving and analytical skills
• Good presentation skill in English (verbal and written), experience on multimedia tools will be added advantage
• Ability to form effective relationships, working under pressure, taking ownership and to influence at the senior level in the organization and regulatory.

 
HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.