Vulnerability Management Assessments Lead

Some careers have more impact than others.

If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.

We are currently seeking an experienced professional to join our team in the role of Vulnerability Management Assessments Lead.

Business: Cybersecurity 

Principal responsibilities

OPERATION

• Create new and improve existing operational models to guide our daily operational activities.
• Identify service gaps and create uplift plans for future state models and road maps.
• Identify critical paths of operation and ensure that they are followed to provide the most streamlined and efficient method of operating, sometimes working to critical time deliveries.

ASSESSMENT

• Ensure that the assessment function is able to react in real time to potential threats, runs to a high-quality standard, including ingestion of relevant intelligence, and appropriate analysis to put the bank in the best informed position to make choices that will continually lead to successful defence and hardening.
• Maintain operational documentation and ensure reports are available, and how to access and utilise existing filters.
• To oversee the False Positive, Temp Fix, criticality reviews, Patch Tuesday, Service Sustainability Portfolio and Secret Exposed Credential reviews conducted by the team and ensure that satisfactory and accurate identifications are managed and documented for audit purposes.
• To create and maintain a suitable remediation and mitigation guidance to ensure all Global Businesses and Functions have clear instructions on available solutions and are able to deploy the required fix, or reduce our risk exposure. You will also be responsible for working with 2LOD where Issues and APs are required.
• Ensure that all CVE/CWE vulnerabilities are reviewed and attended to, in an accurate and reportable way. You will be responsible for maintaining all intelligence, criticality assessments and risk feeds that keep us up to date and in some cases, ahead of the adversaries.

GOVERNANCE

• Contribute to responses that inform requests from Regulators, Internal/ External Audit etc; and responses to 2LOD challenges/ Papers providing responses / guidance to the Cybersecurity Governance Team
• Providing commentary to routine governance submissions e.g. Cybersecurity Executive Committee Monthly Update, Risk Map, KCIs, KRIs.

GENERAL

• Adhoc tasks as required; including support to CSAT operational activities.
• Handling escalations and ad-hock requests from any team or angle.
• Be able to work and empower teams on a fully global level, including a five day FTS model.
• Ability to co-ordinate with a wide range of stakeholders to drive accountability and remedial activities.

Knowledge & Experience/Qualifications

Exceptional practical application and execution of:

• Applying, and improving elements of the Vulnerability Management Lifecycle.
• The ability to use multiple toolsets to convey information, obtain data, and make it meaningful to future plans.
• Business and architectural design experience, including controls analysis, process flows, data flows, etc.
• Knowledge of existing scanning technologies (e.g. Nessus, SAST, MAST and DAST scanning).
• Threats and Risk, able to act with insight to deliver a core part of the Cyber Security Operational model in HSBC. Multiple functions will come together to ensure the safety of the bank and the ability to continue business under any circumstances.

Knowledge of CVE’s, CISA, NVD, Mitre and CVSS metrics.

• Minimum 3 years’ experience in working within a threat & vulnerability management function or a minimum of 3-5 years’ experience in working in IT Security or similar role
• High level of integrity and strong ethical values.
• Ability to lead by example and experience in managing a team of multi-skilled team members to deliver core requirements in a simultaneous fashion.
• Lateral thinking and creative form to deploy expertise in the uplift of people skills, process identifications, and technological adjustments.
• Excellent organisational, administrative, analytical, and problem solving skills with the ability to work accurately and methodically whilst under pressure to meet deadlines.
• Strong interpersonal skills with the ability to build effective working relationships with colleagues and work well as part of a team. 
• Pro-active, independent, collaborative team player with a positive attitude.
• Flexible approach to shifting or competing priorities.
• Proven track record on delivering activities on time to a high standard.
• Excellent understanding of SharePoint, Microsoft Excel & Teams, and Confluence.

HSBCVZ/GZ*

About HSBC Technology China

We develop, implement and support software and IT services and processes that allow HSBC to remain at the forefront of high-quality banking systems.

Candidate with less relevant experience or skills may be offered a lower Global Career Band than stated above.

You’ll achieve more when you join HSBC.

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.”

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

***Issued By HSBC Software Development (GuangDong) Limited***