Chief Control Officer and Third-Party Management (CCO and TPM)

Job Purpose:

This role reports into the Head of Business Risk and Resilience (BRR) within the Global Chief Operating Office (GCOO) and combines direct accountability for Third-Party Management (TPM) with additional responsibilities over business Financial Crime (FC) risk and Risk & Control Oversight Management (RCOM). The role holder will assist drive a holistic risk and control strategy, overseeing third party risk and supplier management, and ensure robust governance and compliance across the market. Furthermore, they will act as the first line of defense. Whilst working in conjunction with the Head of BRR, they will enable and optimize a high-performance Non-Financial Risk (NFR) management culture, and safeguard HSBC from risks associated with internal and external third parties.

Key Responsibilities:

• Lead the execution of NFR optimization with the Head of BRR and implement consistent NFR management frameworks across entities.
• Implement strategies to build a robust Market GCCO operating model, eliminating duplication whilst driving continuous improvement.
• Collaborate regionally focusing on change-management risks and reducing complexity over process and procedures, to drive efficiency of TPM, FC and RCOM.
• Ensuring delivery of GCCO and TPM services, coupled with adherence to service catalogues and Service Level Agreements (SLAs), all whilst preserving the reputational standards expected across HSBC.
• Manage the regulatory, conduct and FC risk for TPM controls, ensuring efficient and effective delivery to meet the governance and oversight requirements expected to satisfy in-country regulators.
• Provide Management Information (MI) and analytics on supplier management, outsourcing, and contract lifecycle management, enabling informed decision-making.
• Proactively identify and rectify process and control weaknesses, working closely with 2nd and 3rd line teams to maintain an effective overall 3LoD model.
• Lead and support the design, delivery, and rollout of global TPM programs in-country, ensuring consistency between regional and global initiatives.
• Through the Head of BRR, support Risk & Compliance measures for RCOM, and governance in GCOO of local regulations in accordance with HSBC guidelines.
• Present and prepare papers for the onshore Operational Management Committee and Regional Risk Management governance meetings as required.

Leadership & Teamwork:

• With minimal dependency, exhibits self-directed management qualities and is able to build and maintain strong relationships across a global organization, influencing positive and commercial outcomes.
• Collaborative member who critically assesses risks and is solutions orientated.
• A team member who drives an educational sharing of best practice ethos whilst creating and facilitating training over internal and external TPM commitments.
• Someone who acts as a change agent, to embed this into enhanced TPM processes and can anticipate regulatory requirements to drive a risk and control oversight mindset.

Operational Effectiveness & Control:

• Support delivery of accurate Management Information (MI) and data related to TPM, contract lifecycles, supplier performance, and outsourcing management.
• Maintain and evolve TPM capability, supporting industry-wide initiatives for risk assessment and oversight.
• Ensure FC & RCOM are managed within the bank’s appetite, monitoring key risk indicators and driving actions in global businesses and functions.
• Adhere to internal controls, keeping appropriate records and implementing audit points and regulatory findings.

Requirements:

• University degree with proven relevant work experience in Risk Management, Compliance, Financial Crime, Audit, &/or Third-Party Management.
• Proven experience working within and navigating large, complex global institutions that place significant emphasis on culture, values, behaviours, and organisational objectives.
• Expertise in risk management, MI reporting, technology adoption to optimize working arrangements and productivity, operations, supplier management, and governance.
• Extensive experience in managing and applying controls across functions, including regulatory and operational risk frameworks.
• Strong stakeholder management, communication, and influencing skills, with experience engaging senior executives.
• Ability to work independently, prioritize under pressure, and deliver results in a matrix environment.
• Ability to demonstrate strong aptitude for rapid learning and problem solving.
• High ethical standards, innovative and embodies critical thinking and a solutions-based mindset.
• Fluent in English with business level Japanese preferred.

Measures of Success:

• No high audit issues or material regulatory findings against TPM and CCO services.
• Adaptable to the changing working conditions through process and technology, to drive efficient and accurate outcomes.
• Timely delivery and execution of these outcomes and tasks, and someone who can contribute strongly towards supporting the Head of BRR and GCOO office.
• Measurable improvement in Third-Party Risk Management and maintaining high assurance standards and management over controls and FC risks.
• Enhanced visibility and control over Third-Party engagements and areas of risk exposure.
• Positive feedback from stakeholders and evidence of value-added engagement.
• Accurate reporting and MI that withstands audit and regulatory scrutiny.