Threat and Controls Assessment - Consultant Specialist

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support  and rewards that will take you further.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

We are currently seeking an experienced professional to join our team in Threat and Controls Assessment Senior Consultant

In this role, you will  be closely collaborating with peers across Penetration Testing; Secure Development, Third Party Security Assessment and Cybersecurity business and regional leads, enabling effective end-to-end vulnerability identification.

Key Responsibilities:

• Independently identify and assess the potential security threats and vulnerabilities in systems, applications, and networks.
• Work on complex architecture, systems, network to identify the potential security gaps and help HSBC bank to achieve expected security posture of the systems.
• Perform effective threat and control assessments of services within our internal, external and cloud estate.
• Liaise with Developers, Architects and other Technical Leads to understand the end to end service and identify where there are any control gaps.
• Understand the Business requirements, evaluate potential products / solutions and provide technical recommendations.
• Be "hands on" with technology and contribute to the design, development and the support of projects with security recommendations.

• Identify threats across the IT estate; including applications, databases, network and other infrastructure components.
• Engage with other Cybersecurity teams, senior management and members of the Business when confronted with potential security issues.
• Work as Technical Lead and take ownership to improve the  processes, procedures and help team to improve technically.

• Stay up to date with industry new trends and best practices.

Skills required

To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills:

• An inquisitive approach, always asking how to achieve goals in a smarter and more effective way
• Positive and professional attitude, team player, flexible and adaptable, embraces change

• Knowledge and exposure of Risk and Control Management
• Ability to understand and assess both threats, controls and vulnerabilities, articulating these to both technical and business stakeholders
• Desirable to have one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM or Cloud Security Certifications
• In-depth understanding of security concepts and principles
• Proven experience with threat modelling and strong technical understanding and experience of assessing vulnerabilities and identifying weaknesses in diverse enterprise IT assets

• Strong understanding of applications design and architecture
• Knowledge and experience with network, host and application security practices
• Good working knowledge of one or more of the Cloud Service Providers – AWS, GCP or Azure
• Strong understanding of Software Development Life Cycle (SDLC) with a focus on security

• Experience in continuous improvement and process optimisation.
• Understanding of emerging technologies and corresponding security threats
• Experience of working in international and diverse environments
• Experience in engaging with business, technology, regional and regulatory stakeholders
• Ability to communicate to key stakeholders – effectively translating technical gaps into business risk
• Self-motivated individual with strong analytical and problem solving skills
• Experience within fast-moving, complex and demanding corporate environments and able to provide appropriate direction to the team whilst dealing with ambiguity and change
• Influential, credible and persuasive, active listener, embraces HSBC Values, shows good judgement and demonstrates high level of communication skills in order to achieve effective stakeholder management

You’ll achieve more when you join HSBC               

www.hsbc.com/careers

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Issued by – HSBC Software Development India