Head of Tech Risk And Assurance

Location: 

Mumbai, MH, IN, 400063


Brand:  HSBC
Area of Interest: 
Closing Date:  Office Worker
Date:  7 Jul 2026

Job description

Some careers have more impact than others.

 

If you’re looking for a role where you can continue to make an impression, take the next step at HSBC where your contributions will always be valued.

 

Head of Technology Risk & Governance (Mumbai) 

 

Role purpose

 

The Head of Technology Risk & Governance provides regional leadership for technology risk, control, and governance, ensuring technology services and change delivery meet India regulatory expectations and internal standards. The role partners closely with the India CIO and relevant Global Business and Infrastructure (GBI) technology leadership, acting as a key advisor to regional stakeholders on risk posture, compliance readiness, and safe growth.

This position owns the regional interface for technology risk and governance matters, ensuring transparency of risk and control status across the portfolio, and driving timely remediation and sustainable compliance.

 

Key responsibilities

 

Leadership and culture

 

  • Lead, coach, and develop a high-performing Technology Risk & Governance team in Mumbai, setting clear objectives, operating rhythms, and measurable outcomes.
  • Build a risk-aware engineering culture where risk management is embedded early (“shift left”) across design, build, test, and release—rather than being addressed after go-live.
  • Influence senior technology and business leaders to adopt consistent risk ownership, pragmatic controls, and disciplined decision-making.

 

Regulatory, governance, and stakeholder management

 

  • Serve as a senior point of contact for India technology regulatory matters, supporting the CIO with regulator and Board-level engagement where required.
  • Interpret and operationalise India regulatory requirements (including upcoming circulars), translating them into actionable technology controls, delivery guardrails, and measurable outcomes.
  • Maintain strong working relationships with regional business leaders, control functions, and global technology teams to ensure “law of the land” compliance without compromising delivery pace.

 

Technology risk management and control oversight

 

  • Lead the regional technology risk framework implementation, ensuring consistent identification, assessment, treatment, and reporting of technology and cyber risks.
  • Drive ethical and responsible risk decision-making, ensuring policy changes and governance expectations are clearly communicated and embedded into delivery and operations.
  • Provide oversight of critical risk themes including cyber security, resilience, third-party risk, data protection, and operational risk impacts across technology services.

 

Portfolio governance and delivery assurance

 

  • Ensure regional technology demand is captured, prioritised, and governed within the global portfolio, with clear visibility of delivery status, dependencies, and risk acceptance decisions.
  • Establish strong governance over programmes and change initiatives, tracking impacts to schedule, cost, quality, and control compliance across the regional portfolio.
  • Assure that solutions align to target-state architecture and engineering standards, including secure-by-design and compliance-by-design principles.

 

Service resilience and operational risk

 

  • Hold accountability for the robustness and quality of technology services delivered in-region, ensuring service performance is monitored and improved (e.g., SLA adherence, incident recovery performance).
  • Coordinate regional actions to reduce service risk, including oversight of major incidents, problem management, and root-cause remediation for CIO-owned applications and services.
  • Ensure operational controls are effective and evidenced, with clear audit trails and readiness for regulatory review.

 

Financial planning and investment governance

 

  • Contribute to annual planning and in-year investment decisions, building business cases for remediation and control uplift to achieve and sustain compliance.
  • Manage and influence budget allocation for risk remediation, resilience improvements, and regulatory-driven change, ensuring spend is targeted, justified, and outcomes-based.
  • Provide cost transparency for technology risk and compliance initiatives, aligning regional needs with global funding models and constraints.

 

Forward-looking technology risk (engineering and emerging tech)

 

  • Embed risk controls across the SDLC, including secure coding, DevSecOps, and release governance.
  • Provide risk leadership for modern engineering patterns and platforms (e.g., APIs, cloud-native services), ensuring appropriate threat modelling and control coverage.
  • Shape the bank’s preparedness for emerging technology risks (e.g., AI and quantum-era threats), ensuring safe adoption through policy, standards, and practical engineering controls.

 

Skills and experience (summary)

 

  • Deep understanding of India’s technology regulatory landscape and strong cyber security domain knowledge.
  • Proven experience implementing and operating technology risk frameworks across complex, multi-team environments (global + local).
  • Strong communication, influencing, and negotiation skills with senior stakeholders, auditors, and regulators.
  • Demonstrated ability to balance risk, compliance, and delivery outcomes—enabling growth while protecting customers and the bank.
  • Solid technical grounding in SDLC, API ecosystems, and modern engineering practices; awareness of AI and quantum-related security considerations.

 

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment.

 

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

 

Issued by The Hongkong and Shanghai Banking Corporation Limited, India