Associate Director, Service Management

Some careers have more impact than others.

If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.

We are currently seeking an experienced professional to join our team in the role of Associate Director, Service Management.

Business: MSS Operations Technology

Job ID: 48253

Principal responsibilities:

1) Regional risk & control leadership

Define and execute the regional Risk & Control strategy for MSS Operations Technology aligned to TRCB priorities and HSBC risk appetite.

Establish consistent control execution across applications and teams, ensuring “secure-by-design” is embedded in delivery ways of working.

Provide oversight of key technology and cyber risks, ensuring appropriate governance and escalation where required.

2) Control assessment, monitoring and remediation

Partner with Asset Class RCOs, service owners, and relevant Risk Functions to assess control design and operating effectiveness.

Identify control gaps and drive remediation plans with clear ownership, milestones, and measurable outcomes.

Challenge and support teams to ensure remediation is proportionate, sustainable, and reduces residual risk.

3) Issue and action plan lifecycle ownership

Own the regional issue/action plan lifecycle: raise, categorise, prioritise, track, challenge, and close.

Ensure issues are accurately articulated (root cause, impact, risk statement) and supported by robust evidence for closure.

Maintain a clear view of thematic issues and systemic control weaknesses; drive cross-team fixes where needed.

4) Audit and regulatory readiness (including ICMP)

Act as the regional SME for technology controls and cybersecurity topics during audits and regulatory examinations.

Coordinate audit/regulatory evidence collection, ensuring completeness, quality, and timeliness.

Lead and coordinate ICMP responses and follow-ups, ensuring actions are owned, tracked, and delivered to commitment.

5) Governance, MI and residual risk reporting

Produce and present regional governance packs, including KRIs/KPIs, control health, issue status, and residual risk views.

Provide forward-looking insights (emerging risks, hotspots, delivery impacts) to support decision-making.

Ensure reporting is consistent, accurate, and aligned to stakeholder expectations across Technology and Risk.

6) Secure delivery enablement (Agile/DevOps engagement)

Work directly with Agile/DevOps teams to embed security and control requirements into delivery artefacts (e.g., security stories/use cases, acceptance criteria).

Support adoption of security tooling and interpret outputs from testing/scanning (e.g., vulnerability results, code quality/security findings) to drive remediation.

Promote pragmatic, automation-friendly controls that improve speed and safety.

7) Capability building and culture

Build regional capability through training, playbooks, best-practice sharing, and coaching.

Foster a strong risk culture where teams understand “why” controls matter and how to implement them efficiently.

Create communities of practice across MSS Ops Tech to scale consistent control execution.

Knowledge & Experience/Qualifications:

1) Strong experience in technology risk and controls, cybersecurity risk, or technology assurance within a large financial services environment.

2) Proven track record managing issues/action plans end-to-end, including evidence-based closure and effective challenge.

3) Experience supporting audits and/or regulatory exams, including evidence coordination and response management.

4) Working knowledge of secure SDLC and Agile/DevOps delivery practices, with the ability to translate control requirements into delivery actions.

5) Strong stakeholder management skills—able to influence across engineering, operations, and risk functions.

6) Excellent written and verbal communication, including governance reporting and senior-level presentations.

What additional skills will be good to have?

1) Familiarity with common control and security frameworks (e.g., NIST, ISO 27001, COBIT) and technology control domains (access, change, vulnerability, resilience, third-party, logging/monitoring).

2) Experience with security/testing tooling outputs (e.g., SAST/DAST, vulnerability scanning, dependency scanning) and interpreting results for remediation prioritisation.

3) Experience operating in a regional/global matrix organisation with multiple application portfolios.

Job Board Tags:

/WX

/51

/LP

You’ll achieve more when you join HSBC.

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

***Issued By HSBC Software Development (GuangDong) Limited***