Global Head of Third-Party Cybersecurity

Some careers have more impact than others.

If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.

We are currently seeking an experienced professional to join our team in the role of Global Head of Third-Party Cybersecurity 

Business: CyberSecurity

Responsibilities

Business

• Protect the Bank.  Protect the bank via proactive regulatory risk reduction actions. Ensure regulatory reporting is consistent across regions / businesses and centrally track reporting through governance committess, maintain a rolling agenda for review.
• Risk vs. Reward Decision Making.  Make informed and educated risk decision making.  Make appropriate commercial / financial institution risk vs reward security decisions.
• Driving sustainable growth.  Develop the compliance awareness, engage with colleagues across the functions and businesses departments to deliver sustainable risk and compliance solutions.  Lead and facilitate change through effective communication, preparation and implementation.
• Achieving excellence.  Drive business performance, compliance and security. 
• Risk Reduction.  Work with key stakeholders (IT and business) to proactively drive the reduction in IT Security risks and to improve the security risk posture of HSBC within the business risk appetite.
• Awareness.  Improve awareness of IT Security risks / threats across IT and the business.

Customers and Stakeholders

• Customer focus.  Lead a customer- led and direct the wider reporting function, both on-shore and off-shore. Engage with relevant programmes and initiatives that impact upon governance, compliance and risk reporting. Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets.
• Strengthening stakeholder relationships.  Engage with senior stakeholders across all three lines of defence to recognise management and governance reporting requirements within major businesses and entities and at Group level. Provide support to the GB/I’s CISO’s with regards to engagement with external stakeholders and regulators, through provision of data as regards support the risk posture to the control enviornment.
• Understanding markets and customers.  Understand the financial services industry security and threat landscape.  Analyse, interpret and communicate developments in the customer's and business segment's local marketplace.

Operational Effectiveness & Control

• Lead the continuing development, implementation and improvement of the processes, structures, capabilities, capacity and infrastructure needed to deliver agreed plans and targets. Collaborate with colleagues to maximise end to end integration, effectiveness and efficiency.
• Establish and maintain a robust and efficient control environment across Cybersecurity to ensure good operational, financial and project management and compliance with HSBC policy and procedures, together with early identification and effective resolution or escalation of issues that arise.
• Lead the development, implementation and maintenance of a global management information, analysis and reporting framework for the Assessment team’s activities that supports and informs timely and effective business management and decision making at all levels.

Observation of Internal Controls

• Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
• The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified IT security risks.
• The jobholder will implement the group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply.
• This will be achieved by adhering to all relevant processes/procedures and by liaising with compliance department about new business initiatives at the earliest opportunity. Also and when applicable, by ensuring adequate resources.

Leadership & Teamwork 

• Develop and communicate a clear vision for the regional teams that is aligned to the overall HSBC vision, values and goals, and inspires and engages people to create an inclusive, high performing, customer-centered culture.
• Lead, develop and motivate the TPSA leadership team to attract, retain and develop the capacity, capability and talent to provide for succession and ensure delivery of business objectives.
• Set expectations, share best practice and manage, monitor, coach and develop TPSA leaders and others to ensure that they maximise their performance, meet the required standards, and continuously develop their capabilities and experience.
• Lead and encourage constructive cross-country and cross-business teamwork by demonstrating collaboration and matrix management in action and taking prompt action to address any activities and behaviours that are not consistent with HSBC's diversity policy and/or the best interests of the business and its customers.
• Accountable for calibration and consistency of performance management outcomes for all Third party Security Assessment resources 
• Experience within fast-moving, complex and demanding corporate environments and able to provide appropriate direction to the team whilst dealing with ambiguity and change
• Execute HR processes related to Career and Talent Management and drive performance and reward consistency
• Part of the Senior Leadership team for Cybersecurity Assessment and Testing

Qualifications

Functional Knowledge

• Subject matter expert on security risk assessments both at entity and services consumed in the Financial Services industry or global corporate service provider
• Knowledge and exposure of Risk and Control Management
• Understanding of NIST, ISO270001, regulatory requirments and standards
• Have one or more industry-recognised cybersecurity-related certifications including CISA, CISM, CISSP, CRISC and CCSP etc.
• A demonstrable technical understanding in Cloud Security (particularly for SaaS) is desired.

 Mindset

• An inquisitive approach, always asking how to achieve goals in a smarter and more effective way
• Positive and professional attitude, team player, flexible and adaptable, embraces change.
• Confident and takes responsibility and ownership for work and personal development

Strong stakeholder management and communications skills

• Experience of working in international and diverse environments
• Experience in managing global teams, often remotely
• Experience in engaging with third parties, business, regional and regulatory stakeholders
• Ability to influence executive leadership – effectively translating technical gaps into business risk
• Ability to understand and articulate defects, threats and technical gaps to both technical/ non-technical and business stakeholders.
• Ability to prepare concise updates, reports and presentations for senior management
• Good spoken and written communication and ability to adapt style based on audience (Fluent in spoken/ written English)

Other

• Influential, credible and persuasive, active listener, embraces HSBC Values, shows good judgement and demonstrates high level of communication skills in order to achieve effective stakeholder management
• Availability to travel (if required) for this role, i.e. travel within country as well as occasional International travel

You’ll achieve more at HSBC

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

***Issued By HSBC Software Development (GuangDong) Limited***