CISO - OBKYC and Customer Due Diligence (CDD) and Servicing, and CIB Middle East

If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential - whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.


We are currently seeking an experienced professional to join our team in the role of CISO - OBKYC and Customer Due Diligence (CDD) and Servicing, and CIB Middle East .

Role Purpose:
The CISO – CIB OBKYC/CDD and Servicing is responsible for implementing and enhancing a best-in-class Cybersecurity capability across their assigned Global Business/Global Infrastructure (GBGI) within the Middle East region. This role ensures the secure delivery of Onboarding, KYC, and Customer Due Diligence processes while protecting sensitive customer and institutional data against evolving cyber threats. The role requires strong alignment with Middle East regulatory frameworks (e.g., SAMA, DFSA, CBUAE, QCB) and global standards. The CISO will work closely with senior executives, regulators, and industry bodies to foster a security-first culture, while leading a high-performing Cybersecurity team across a complex, multinational environment.

As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.

In this role you will:

• Drive the execution of the global Cybersecurity strategy within the Middle East GBGI, ensuring compliance with local regulatory requirements (SAMA, CBUAE, DFSA, QFCRA, etc.).
• Oversee Cybersecurity risk governance and reporting to GBGI Boards, Committees, regulators, and senior executives.
• Lead the continuous assessment of cyber threats in the region and adapt controls to address local risk environments.
• Support regulatory inspections, audits, and external assurance reviews, ensuring evidence of control effectiveness.
• Partner with senior stakeholders (CIOs, COOs, CEOs) across the Middle East to embed Cybersecurity into business decision-making.
• Ensure Cybersecurity controls for OBKYC/CDD platforms meet both global standards (NIST, ISO 27001) and regional regulations.
• Lead the Cybersecurity incident response process in the region, coordinating with regulators, legal teams, and executive leadership.
• Build a customer-first Cybersecurity culture, ensuring trust, resilience, and regulatory compliance in customer onboarding and servicing processes.
• Represent the firm in Middle East industry forums and with regulators to influence emerging cyber policies and contribute to shaping industry standards.• Lead and develop a high-performance cybersecurity team, fostering learning, collaboration, and engagement.
• Participate in relevant governance committees and industry forums to influence standards and regulatory expectations.
 

To be successful in this role you should meet the following requirements:

• Extensive Cybersecurity leadership experience within large, complex, multinational organisations, preferably in banking/financial services within the Middle East.
• Strong understanding of Middle East regulatory requirements (SAMA Cybersecurity Framework, NCA ECC, CBUAE Information Security Regulations, DFSA cyber rules, etc.).
• Deep expertise in Cybersecurity frameworks (NIST, ISO 27001), incident response, risk management, and control design.
• Proven ability to engage with regional regulators and represent the organisation in inspections and regulatory discussions.
• Exceptional communication and influencing skills; able to translate complex cyber risks into business language for executives and boards.
• Demonstrated success in leading and developing diverse global teams across multiple jurisdictions.
• Entrepreneurial and customer-centric mindset, capable of balancing business priorities with Cybersecurity resilience.• Nice to have: knowledge of FX and Asset Management business models.


This role is based in Sheffield, Grosvenor House, Hybrid.

Being open to different points of view is important for our business and the communities we serve. At HSBC, we’re dedicated to creating diverse and inclusive workplaces - no matter their gender, ethnicity, disability, religion, sexual orientation, or age. We are committed to removing barriers and ensuring careers at HSBC are inclusive and accessible for everyone to be at their best. 

If you have a need that requires accommodations or changes during the recruitment process, please get in touch with our Recruitment Helpdesk:

Email: hsbc.recruitment@hsbc.com

Telephone: +44 207 832 8500