Associate Director, Cybersecurity
Guangzhou, GD, CN, 510620
Some careers have more impact than others.
If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.
We are currently seeking an experienced professional to join our team in the role of Associate Director, Cybersecurity.
Principal responsibilities
- Risk & Compliance: Support alignment of the Third-Party Cyber Risk Management framework, policies, standards, and procedures with NIST 800-161, ISO 27001, SIG/SIG Lite, CAIQ, NIST CSF, CIS Controls, DORA (EU), NYDFS, MAS TRM (Singapore), and other relevant regulations/frameworks.
- Reporting & Metrics: Present detailed cybersecurity performance reports and dashboards, producing executive-level reporting, dashboards, and KRIs/KPIs on the third-party cyber risk posture.
- Cyber Legal Requirements: Partner with procurement, legal, business owners, and technical teams to embed cyber requirements into contracts (including right-to-audit clauses, data protection, and security SLAs).
- Continuous Monitoring: Support activity to operationalise continuous cyber monitoring of vendor risk through threat intelligence feeds, external attack surface monitoring, and fourth-party/sub-contractor mapping.
- Process Improvement: Identify opportunities to optimize cybersecurity processes, implementing best practices to reduce operational risks, focusing on ongoing monitoring, annual re-assessments, off-boarding, and trigger-based reviews (e.g., material changes, incidents, ransomware events affecting vendors).
- Stakeholder Engagement: Act as a point of contact for internal teams, senior leadership, and third-party partners, ensuring clear communication and alignment on third-party risk management.
- Project Coordination: Collaborate with project teams to support transformation activity for cybersecurity initiatives, ensuring seamless integration into service operations.
- Subject Matter Expert: Act as the subject-matter expert on emerging supply-chain threats (e.g., SolarWinds-style attacks, Log4j, MOVEit, 3rd-party breaches) to drive lessons learned into the transformation and improvements.
- Collaboration: Lead or contribute to cross-functional working groups on supply-chain cybersecurity initiatives.
Knowledge & Experience/Qualifications
- Minimum bachelor’s degree in Information Security, Computer Science, Risk Management, or equivalent.
- 10 years of experience in cybersecurity governance, third-party risk, vendor risk management, or IT audit.
- Demonstrated knowledge of cybersecurity frameworks (NIST 800-161, ISO 27036, CSA CCM).
- Firsthand experience with ServiceNow (workflow/ITSM), SureCloud (GRC), PowerBI (data visualization), and BitSight (third-party risk management).
- Knowledge of emerging technology related to AI and Third-Party Risk Management (TPRM).
- Proven ability to interpret SOC 2, ISO 27001, PCI DSS reports, penetration tests, and vulnerability scans.
- Experience in delivery of training or advisory workshops is highly desirable.
- Professional certifications preferred: CISA, CRISC, ITIL, GRCP, or equivalent.
- Strong understanding of cloud security (AWS, Azure, GCP) and Software-as-a-Service risks.
- Excellent communication skills – able to translate technical risk into business language for executives and non-technical stakeholders.
- Experience working with procurement/legal on contract negotiations is highly desirable.
- Strong analytical skills with the ability to interpret complex data and translate it into meaningful reports and recommendations.
- Stakeholder management and influence without direct authority.
- Transformation program and project management.
- Ability to work in a fast-paced, global environment and manage multiple priorities effectively.
- Available to work flexible hours with global teams in different time zones.
- Language(s): fluent English written and spoken.
About HSBC Technology China
We develop, implement and support software and IT services and processes that allow HSBC to remain at the forefront of high-quality banking systems.
Candidates with less relevant experience or skills may be offered a lower Global Career Band than stated above.
You’ll achieve more when you join HSBC.
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working, and opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc. We consider all applications based on merit and suitability to the role.
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
***Issued By HSBC Software Development (GuangDong) Limited***