This job has expired

Project Manager/Cybersecurity

HSBC
8-11 years
Not Specified

Job Description


Job Description
Some careers have more impact than others.
If you're looking for a career where you can make a real impression, join HSBC and discover how valued you'll be.
HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.
Job Purpose
The Cybersecurity function is responsible for enabling businesses and functions to manage their Information and Cybersecurity risks as well as ensuring risk and controls are assessed and implemented appropriately, objectively and independently through professional and specialized subject matter experts.
This role reports to the Head of Compliance Management in the Cybersecurity Business Enablement team. The key objective of this role is to support the businesses and functions to provide consistent, accurate information relating to Cybersecurity controls and activities in response to Regulatory/Third Party exams, audits assessments and due diligence questionnaires. The scope covers global Financial Service Regulators, Payment Regulators and Third Party partners to:
  • Support RISOs, BISOs & Cyber Country Leads on Regulatory and Client engagements
  • Support the Regional Cybersecurity GRC leads on Regulatory engagements
  • Act as escalation point for any challenges to the provision of timely, accurate information to the Regulators
  • Provision of analysis of Cybersecurity controls against Regulatory/Third Party text including new or amended Regulations
  • Support regulatory/3rd party onsite assessments as required
  • Provide analysis of Cybersecurity controls against industry standards such as NIST
  • Support or drive strategic development of the capability and services of Regulatory Compliance and Third Party Management
  • Highlight potential gaps in the Cybersecurity control framework and escalate potential deficiencies in controls to relevant committees
  • Liaise with Cybersecurity subject matter experts to provide evidence of compliance to Regulatory text/Payment Scheme codes of conduct, third party questions
  • Maintain an evidence/answer library by classifying and storing reusable evidence
  • Oversee the administration of GRC tool
  • Maintain an Audit tracker for every engagement, demonstrating a clear lifecycle of accountability and ownership across functional areas for evidence collation and provision
  • Maintain a quality assurance process within the team: work with the 2LoD to seek ratification that the response is fit for purpose
  • Manage queries/requests from other teams relating to Regulatory requirements and cyber controls
  • Act as the deputy to the Head of Compliance Management
  • Mentoring / Coaching / Guidance for other team members

Principal Accountabilities: key activities and decision making areas
Typical Targets and Measures
Impact on the Business/Function
  • Develop, manage and lead effective and efficient Triage team to ensure the core process is managed in a timely manner
  • Provide guidance and opinion on appropriateness of i) evidence provided to Regulator ii) cybersecurity controls when demonstrating compliance to regulations
  • Provide evidence of compliance to cybersecurity regulatory requirements
  • Share Evidence Library with Cybersecurity colleagues globally to drive consistency of cybersecurity information shared with Regulators
  • Engagement with stakeholders to understand impact across all Three Lines of Defence of gaps in cybersecurity regulatory compliance
  • Representing Cybersecurity Regulatory Management in various forums/project WGs
  • Takes appropriate actions to protect the bank and our customers.
  • Adherence to internal and regulatory/ third party deadlines.
  • Timely provision of reports and MI to Board and senior stakeholders.
  • Evidence of escalation of deficiencies to Governance committees, as appropriate.
  • Identification and sharing of forthcoming regulations and impact on HSBC Cybersecurity.
  • Continual improvement of Regulatory and Third Party engagement process.

Customers / Stakeholders
  • Customer Focus. Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets.
  • Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets.
  • Influences and engages effectively across a range of audiences
  • Engages effectively with customers/stakeholders at all levels
  • Builds and maintains effective working relationships
  • Manages a diverse set of stakeholders across the Three lines of Defence in order to achieve the overarching objectives, including:
    • RISOs, BISOs & Cyber Country Leads
    • Cybersecurity teams
    • GBGF Stakeholders
    • Operational and Resilience Risk
    • Information Security and Risk
    • Audit and Compliance
    • Business
  • Takes action and engages resources to create new and innovative solutions to address future customer needs.
  • Generates positive feedback in all stakeholder and customer interactions.
  • Gathers information to deepen insight for internal customers. Anticipates activity and drives/ influences the development of business/ function strategies.
  • Builds trust with stakeholders using innovative ideas in security to address their needs.
  • Evidence of when influence was effective.
  • Measure value-added insight to stakeholders.

Leadership & Teamwork
  • Work together with subject matter experts from Cybersecurity and Resilience Risk, to develop appropriate regulatory responses
  • Provide advice on levels of compliance to global cyber security regulations
  • Contribute to team development, effectiveness and success by sharing knowledge and good practice, working collaboratively with others to create a productive, diverse and supporting work environment
  • Take personal responsibility for understanding and agreeing performance expectations, completing the necessary mandatory training and developing the levels of capability and competence needed to be effective in the role.
  • Mentoring / Coaching / Guidance for other team members
  • Translates the required course of action into a clear and realistic vision.
  • Contributes to individual and team reward and recognition systems, and on-going development of effective performance management measures.
  • Translates coaching requirements to organizational performance requirements. Designs, documents and implements a variety of coaching plans.
  • Identifies and builds relationships with key contacts and influencers
  • Monitor complex dependencies and respond accordingly to ensure on-going delivery to local regulatory requirements and organisational business goals.

Operational Effectiveness & Control:
  • Managing risk responsibly. Lead the continuing development, implementation and improvement of the processes, structures, capabilities and capacity needed to deliver business, regulatory and third party requirements. Collaborate with colleagues to maximise end to end integration, effectiveness and efficiency.
  • Establish a robust control environment. Maintain effective operational and financial management of the capability and compliance with HSBC policy and procedures, together with early identification and effective resolution or escalation of issues that arise.
  • Govern risk responsibly. Oversight and Management of the Cybersecurity risk and practices to ensure quality, effective risk management and regulatory compliance across the functions, business and regions. Utilising GRC tool (i.e. Archer) to support all activities.
  • Promote ethical management of risk across the business and regions and within the team. Communicate changes in policy and governance effectively, reinforcing risk processes within their team.
  • Creates an environment which anticipates risk with the evolving regulatory landscape, ensuring action is taken to quantify and mitigate them.
  • Implements best practice in risk tracking, reporting and all other areas of responsibility.
  • Builds plans and budgets which identify value and cost reduction opportunities.
  • Ensures reconciliations of expenditure against completed work and benefits realisation recommends how to tackle any variance.
Qualifications
Management of Risk
This is a high profile area so risk management is the key underlying objective. This will be achieved by:
  • Ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.
  • Consistently displaying the behaviours that form part of the HSBC values and culture and adhering to HSBC risk policies and procedures, including notification and escalation of any concerns and taking required action in relation to points raised by regulators and/ or third parties.
  • Continually reassess the operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
  • Ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with Head of the function and other service line leads as appropriate.

Observation of Internal Controls
  • Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
  • Contribution to processes for building and delivering actionable management information (MI) to senior audiences.
  • The role holder will adhere to and be able to demonstrate adherence to internal controls. Achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.
  • The role holder will implement the group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance embraces all relevant financial services laws, rules and codes with which the business has to comply.
  • This will be achieved by adhering to all relevant processes/procedures and by liaising with compliance department about new business initiatives at the earliest opportunity. Also and when applicable, and fostering a compliance culture and optimising relations with regulators.

Local Job Requirements
  • Strategic input. Monitoring the strategy, developing and defining the Regulatory and Third Party Management capability strategy. In-depth understanding of regulatory environment and applicable regulations, codes and compliance requirements.
  • Budget and people. To manage a direct headcount of approximately 9 people. This role will also include functional and entity responsibility.
  • Internal and external relationships. To build an effective team who gain trust, and operate with transparency and consistency in the relationships with the key stakeholder groups internally and externally to ensure that regulatory compliance is given appropriate focus.
  • Regulatory & Risk Management - Working closely with peers in the business and regions to deliver sustainable results, build strong relationships with internal and external stakeholders to understand the IT/ cybersecurity risk profile and the management of related operational risk.

Certifications, Qualifications & Experience
  • Typically educated to degree level, within IT and Risk. Industry qualifications (CISSP, CISA, CISM).
  • 8+ years experience in IT risk and compliance.
  • Regulatory engagement, experience in dealing with compliance matters, and regulatory liaison.
  • Knowledge of regulatory requirements.
  • Strong written and verbal communication skills
  • Ability to build strong relationships and communicate on complex issues with a wide spectrum of stakeholders
  • Understanding of business finance and experience of effective management of budgets and expenditure
  • Comprehensive understanding of banking and security in context of wider industry trends and direction

You'll achieve more when you join HSBC.
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.'
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
***Issued By HSBC Software Development Centre***

Job Details

About HSBC

Job Source : hsbc.taleo.net

Similar Jobs

People Also Considered

Data Not Available

Career Advice to Find Better

Simple body text this will replace with orginal content