VP INM, RESILIENCE RISK AND DPO
Mumbai, MH, IN, 400063
Job description
Some careers open more doors than others.
If you’re looking for a career that will unlock new opportunities, join HSBC and experience the possibilities. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
Business Descriptor:
Our GCIO organisation plays a critical role for the bank. This team partners with the businesses to build the platforms, systems, and products that our customers use every day. We keep people’s money and data safe, and are at the forefront of driving innovation for our businesses, customers, and colleagues.
Role purpose
This role sits within Cybersecurity Management and operates as part of a global/regional Cybersecurity team to define and implement an industry-leading Cybersecurity service that stays ahead of evolving threats. The role also leads delivery of key IT/cyber projects and acts as a confident point of contact for Indian regulators and auditors, ensuring the organisation can evidence strong governance, control design, and operational effectiveness.
Location
GIFT City, Gujarat (India)
Key responsibilities:
Cybersecurity leadership & service delivery
- Support Senior Managers in defining and implementing an industry-leading Cybersecurity service aligned to global strategy and local entity requirements.
- Partner with Technology, Risk, Compliance and business stakeholders to implement team goals within policy, budget, and regulatory constraints.
- Drive continuous improvement of security controls, processes, and reporting to address changing threat landscapes.
- Embed best-practice management and support delivery of transformational change across Cybersecurity and Technology.
India regulatory alignment & compliance (core requirement):
- Maintain strong working knowledge of India’s cybersecurity and technology risk regulatory expectations relevant to financial services (e.g., RBI/SEBI/IRDAI expectations as applicable to the entity, CERT-In directions, and other local requirements impacting incident reporting, logging, third-party risk, and cyber resilience).
- Translate regulatory requirements into actionable control enhancements, operating procedures, and measurable compliance outcomes.
- Ensure compliance evidence is complete, accurate, and audit-ready (policies, standards, control testing results, risk acceptances, remediation plans).
- Support internal audit and regulatory examinations by ensuring organisational changes and control implementations are fit for purpose and meet expectations.
Regulatory & audit engagement (facing role):
- Act as a key Cybersecurity representative in meetings with regulators and auditors, presenting control posture, risk decisions, and remediation progress clearly and confidently.
- Prepare regulatory packs: governance artefacts, metrics/KRIs, incident summaries, control attestations, and project status updates.
- Coordinate responses to regulatory observations, ensuring timely closure with clear ownership, milestones, and evidence.
IT project delivery (run projects end-to-end):
- Lead delivery of cybersecurity and IT initiatives (e.g., security tooling uplift, IAM improvements, vulnerability management enhancements, logging/SIEM, endpoint controls, cloud security, resilience improvements).
- Own project governance: scope, plan, RAID, dependencies, stakeholder management, and delivery reporting.
- Ensure projects meet security-by-design expectations and align to the three lines of defence model.
Governance, operating model & people management:
- Ensure adherence to the three lines of defence model with clear accountability and segregation of duties.
- Support Senior Managers in building a high-performing team and managing regional relationships.
- Provide direction to a small team (where applicable): objectives, performance targets, coaching, and development.
- Contribute to plans and budgets, identifying value and cost reduction opportunities.
Required skills and experience:
- Strong cybersecurity domain knowledge across governance, risk and controls, security operations concepts, and technology risk management.
- Demonstrable experience working with Indian regulatory expectations for cybersecurity/IT risk in financial services, including preparing for and responding to regulatory reviews.
- Proven track record delivering IT/cyber projects using structured delivery methods (Agile/Waterfall/hybrid), including vendor coordination where relevant.
- Excellent communication skills—able to explain complex technical and control topics to regulators, auditors, and senior stakeholders with clarity and confidence.
- Strong documentation discipline: policies/standards, control narratives, evidence packs, and executive-ready reporting.
- Stakeholder management across Technology, Risk, Compliance, and business teams.
Preferred qualifications:
- Industry certifications such as CISSP, CISM, CRISC, ISO 27001 LA/LI, PMP/PRINCE2 (or equivalent).
- Experience in regulated financial services environments and multi-country/global operating models.
- Familiarity with cyber resilience, incident management, third-party risk, and security metrics/KRIs.
Success measures:
- Regulatory and audit outcomes: reduced repeat findings, timely closure of observations, strong evidence quality.
- On-time/on-budget delivery of agreed IT/cyber projects with measurable risk reduction.
- Improved control effectiveness and operational maturity (e.g., logging coverage, vulnerability remediation performance, access control hygiene).
- Strong stakeholder feedback and effective cross-team collaboration.
Pro-tip: Familiarity with AI-enabled tools is an advantage.
HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment.
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
Issued by The Hongkong and Shanghai Banking Corporation Limited, India