Consultant Specialist

Some careers have more impact than others.

If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.

We are currently seeking an experienced professional to join our team in the role of Consultant Specialist.

Business: Cybersecurity  

Principal responsibilities

• Manage the end-to-end lifecycle of PEN Testing engagements across multiple teams and vendors
• Coordinate scheduling, resource allocation, and reporting timelines for all PEN Testing activities
• Review and consolidate PEN Test results, ensuring clarity and consistency in reporting
• Communicate findings, risks, and remediation progress to Senior Managers/Leadership and relevant business units
• Track and escalate unresolved issues or critical vulnerabilities
• Maintain documentation, dashboards, and audit trails for compliance and governance
• Collaborate with Cybersecurity teams to ensure alignment with broader security strategy
• Facilitate post-test reviews and lessons learned sessions
• Reporting all Ad-Hoc and On Demand tests
• Collaborate with the Regional and Country representatives of Technology plus other peer managers to implement the team's goals within entity policy, expense and regulatory constraints
• Support peers and senior management within the Cybersecurity function to define and implement an industry-leading Cybersecurity Service that supersedes our constantly changing information security threats
• Ensure adherence to the three lines of defence organisational model with clear lines of responsibility, accountability and segregation of duties
• Ensure compliance with internal audit and external regulators that any organisational changes are fit-for-purpose and meet their expectations
• Support Senior Managers in the delivery of a Cybersecurity strategy for a team to secure the bank's technology from the inside out, whilst maintaining, protecting and enhancing HSBC's values, reputation and stakeholder value
• Contribute to the overall definition of responsibilities and accountabilities of Cybersecurity within HSBC
• Support Senior Managers to implement an effective engagement model across GB/GF/Regions with their respective Stakeholders.
• Embeds best practice management and supports implementation of transformational change
• Contributes to building plans and budgets which identify value and cost reduction opportunities
• Report and consult issues into CROS Assurance Lead/Manager and support day to day function requirement.

Knowledge & Experience/Qualifications

• Project Management: Overseeing the entire penetration testing lifecycle, from initial planning and scoping to execution and remediation. Strong organizational and project management skills to manage multiple engagements simultaneously.
• Stakeholder Management: Serving as the primary point of contact for internal teams, external vendors, and clients to ensure project goals are met.
• Vendor Coordination: Managing relationships with third-party penetration testing vendors, help in processing Statements of Work (SOWs), and ensuring deliverables meet expectations.
• Communication: Excellent written and verbal communication skills to effectively interact with diverse audiences, from technical experts to executive leadership. Effectively convey technical information to non-technical stakeholders. Presenting test results, risks, and recommendations to both technical staff and executive management in clear and concise reports and presentations.
• Problem-Solving: A resourceful and creative approach to resolving challenges that arise during the testing process.
• Technical Liaison: Collaborating with technical teams to ensure the availability of test environments and to support the remediation efforts of identified vulnerabilities.
• Compliance & Reporting: Ensuring all testing and findings adhere to internal audit requirements and external regulations and tracking key project metrics and documentation.
• Process Improvement: Contributing to the development and implementation of standardized processes, tools, and best practices to improve the efficiency and consistency of penetration testing services. Continuous learning ensures that penetration testers adapt to change.
• Tools knowledge: Proficiency in project management tools (e.g. Jira, Confluence, MS Project,  or similar), SNOW, Power BI, Microsoft Excel
• Cybersecurity Fundamentals: A solid understanding of penetration testing principles, methodologies, and common vulnerabilities. Experience working in regulated environments or with compliance frameworks (e.g. ISO 27001, NIST, etc.), any additional certifications would be an asset.
• Technical Aptitude: Familiarity with various technologies, including networks, web applications, and cloud infrastructures.
• Risk Management: The ability to understand and convey the business impact of identified security vulnerabilities.

HSBCVZ/GZ*

About HSBC Technology China

We develop, implement and support software and IT services and processes that allow HSBC to remain at the forefront of high-quality banking systems.

Candidate with less relevant experience or skills may be offered a lower Global Career Band than stated above.

You’ll achieve more when you join HSBC.

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.”

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

***Issued By HSBC Software Development (GuangDong) Limited***