Senior Data Security Manager

Location: 

Shanghai, SH, CN, 200001


Brand:  HSBC
Area of Interest:  Technology
Closing Date:  Hybrid Worker
Date:  2 Jul 2026

Job description

GCIO - Asia & Middle East Technology

Our GCIO organisation plays a critical role for the bank. This team partners with the businesses to build the platforms, systems, and products that our customers use every day. We keep people’s money and data safe, and are at the forefront of driving innovation for our businesses, customers, and colleagues.

 

We are currently seeking an experienced professional to join our team.

 

In this role, you will:

  • Lead data security-related regulatory and audit gap analysis across HBCN systems, with priority on critical applications and systems handling sensitive data.
  • Drive remediation planning, governance, progress tracking, and follow-up for identified data security gaps, working closely with application teams, Technology, data governance, cyber security, risk, compliance, operations, and vendor stakeholders.
  • Coordinate data security control uplift initiatives, including requirements clarification, solution planning, implementation coordination, control validation, evidence preparation, and lessons learned to support scalable rollout.
  • Help establish a scalable data security control model for audit logging, data protection, regulatory reporting, control assessment, inventory maintenance, recertification, and issue remediation.
  • Coordinate data security and data governance initiatives across Technology and relevant control functions, ensuring delivery commitments are clear, tracked, escalated where required, and aligned with internal control objectives.
  • Support project planning, milestone management, issue resolution, stakeholder communication, reporting, and delivery governance for data security and control uplift activities.
  • Provide BAU consulting support for data security control activities and regulatory obligations, including regulatory reporting and follow-up on systems requiring control uplift or remediation.
  • Support control assessment for new applications and periodic recertification activities, ensuring technology teams understand requirements, provide quality evidence, and remediate gaps in a timely manner.
  • Support application and control inventory maintenance, new application reporting, periodic recertification, and related governance activities to maintain accurate and complete control records.
  • Provide senior-level advice, negotiation, and conflict resolution across project, risk, control, and service management forums, balancing regulatory expectations, data security risk, delivery timelines, and business outcomes.
  • Support audit, assurance, regulatory review, and management reporting activities by providing clear evidence of control design, operation, monitoring, exceptions, remediation, and governance decisions.
  • Mentor and guide technology and data security stakeholders, fostering a culture of ownership, continuous improvement, evidence quality, and risk-aware decision-making.

 

To be successful in the role, you should meet the following requirements:

Knowledge

  • Extensive experience in data security, cyber security, technology risk, data governance, audit remediation, or information protection within a complex financial services or regulated technology environment.
  • Deep understanding of data security principles, including audit logging, sensitive data protection, data classification, access control, encryption, data loss prevention, database security, secure data transfer, retention, and monitoring.
  • Strong knowledge of technology control frameworks, regulatory and audit expectations, secure software delivery, IT operations, enterprise applications, infrastructure, databases, and service management processes.
  • Demonstrated ability to translate policy, internal control objectives, regulatory expectations, and audit findings into practical technology controls, evidence requirements, implementation actions, and measurable remediation plans.
  • Solid understanding of data governance, privacy, data protection, outsourcing, third-party risk, and regulatory expectations relevant to banking technology and data processing.

Experience

  • Proven experience leading regulatory or audit gap analysis, control remediation, project coordination, or assurance activities across multiple systems, platforms, or business services.
  • Strong track record of managing complex stakeholders across Technology, data governance, cyber security, business, risk, compliance, audit, operations, and vendor organizations.
  • Experience coordinating data security or data governance initiatives, including planning, progress tracking, issue escalation, stakeholder communication, delivery governance, and management reporting.
  • Experience driving remediation of data security issues, audit findings, control gaps, policy deviations, system non-compliance, or regulatory actions to sustainable closure.
  • Practical experience with audit logging, system inventory, control assessment, recertification, evidence collection, issue management, and reporting processes.
  • Practical knowledge of security tools and processes such as IAM, PAM, DLP, SIEM, encryption services, key management, configuration management, data discovery, and monitoring platforms.
  • Strong vendor and application team management experience, including assessment of data security control gaps and collaboration on improvement plans.
  • Exceptional negotiation and conflict resolution skills, with the ability to manage competing priorities and influence senior stakeholders on high-priority regulatory and audit topics.
  • Advanced risk management capability, with a strategic approach to balancing regulatory expectations, security, resilience, delivery, cost, and business outcomes.
  • Outstanding communication, leadership, analytical, and team development skills.

Leadership capabilities

  • Navigating - understanding and translating Group cyber security, data protection, internal control objectives, technology risk, audit findings, and local regulatory requirements into practical direction for own team and delivery partners.
  • Aspiring - being ambitious about providing the highest standards of data protection, control effectiveness, evidence quality, and secure technology delivery.
  • Driving - setting stretching goals for self and team and delivering them with courage, discipline, and tenacity.
  • Mobilizing - authentically engaging with team members, colleagues, business partners, global functions, and vendors to deliver secure outcomes at pace.
  • Sustaining - making considered decisions that protect and enhance HSBC values, customer trust, reputation, resilience, and business performance.

Qualifications

  • Advanced degree in Computer Science, Information Technology, Cyber Security, Data Management, Risk Management, or related fields preferred.
  • Proven experience in data security, cyber security, technology risk, data governance, audit remediation, regulatory engagement, or information protection in an IT environment.
  • Strong analytical and problem-solving skills, with the ability to assess complex technical risks and define practical remediation actions.
  • Excellent communication and interpersonal skills, with the ability to explain technical and control matters clearly to senior stakeholders.
  • Ability to translate business, regulatory, audit, and internal control needs into clear data security requirements, control expectations, evidence requests, and implementation roadmaps.
  • Experience with risk, control, issue management, requirement tracking, service management, project governance, and benefit realization frameworks.
  • Familiarity with agile methodologies, project management principles, secure SDLC, change management, and technology service management.
  • Detail-oriented with a focus on accuracy, completeness, evidence quality, and sustainable control operation.

 

Professional Standards

·       Delegating to Others

·       Financially Astute

·       Analytical Reasoning

·       Making Decisions

·       Managing Change

·       Managing Risk

·       Managing Customer Relationships

·       Managing Stakeholders

·       Planning & Organizing

·       Results Focused

·       Solving Problems

·       Speaks and Writes Effectively

 

 

You’ll achieve more at HSBC.

 

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within and inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.


Issued by
HSBC Bank (China) Company Limited