Job description

We are currently seeking an experienced professional to join our team.

In this role, you will:

Cyber Risk Assistant Manager is responsible assisting the BIRO/CITRO to provide assurance to business management that Information, Technology and Cyber Security Risk and Data Risk policies, procedures, and operating instructions within their respective line of business have been implemented, and to ensure that information security controls are operating effectively.


This role provides expert risk and control advice and/or support, challenge, and insights in the area of Business Resilience Risk, promoting risk and control monitoring and decision-making.


This job category will carry out some or all of the following tasks:

l  Undertake Information, Technology and Cyber Security Risk and Data Risk consultation – when required by the business, the Cyber Risk Assistant Manager can operate in a consultancy capacity for information security risks.  This is undertaken on both an ad hoc and organised basis and is vital for ensuring that information security controls are appropriate to the line of business and in line with the business’s risk appetite.  Any risks identified by the line of business can be considered in the broader regional/global context.

l  Support the implementation of the relevant Resilience Risk Technology and Cyber Security Risk and Data Risk policies controls – this also may involve engaging with the implementation of Resilience Risk projects/programmes as outlined in the BIRO/CITRO Standard Operating Procedures including appropriate oversight, management, and awareness of:

a)       Information, Technology & Cyber Security Risk Awareness and Training

b)       Information, Technology & Cyber Security Risk Advice and Guidance

c)       End User Environments 

d)       End User Information Security

e)       End User Computing 

f)         Third Party Managed Environments 

g)       Third Party Security Management

h)       Physical Information Security 

i)         Incident Response and Recovery 

j)         Identity and Access Management 

k)       Information Risk Identification and Management

·     This role Support the business with identification and management of their information security risks that are specific to their line of business/function, as directed by the BIRO/CITRO.


To be successful in the role, you should meet the following requirements:

·        Educated to undergraduate or post-graduate degree level.

·        5+ years’ experiences, with at least 2 years’ experience in Technology/Cyber Risk Management, on Operational Risk Management; Consultant or internal audit with insurance/fund or related financial industry experience is preferable.

·        Good understanding and knowledge on Operational Risk and Internal Control principles, with hands-on experiences in implementing control frameworks within complex environments, handling risk and control assessment, control identification, testing design, and risk trends analyzing.

·        An expert and extensive level of cyber information risk/data risk knowledge or general operational risk knowledge in order to be able to face off appropriately to the different risk owners and stewards in China and to external parties. Relevant certifications (e.g., CISSP, CISM) are a plus.

·        Strong analytical and problem solving skills with strong ability to drive operational risk within the first line of defense and obtain appropriate management buy-in.

·        Good in communication skill and ability to interpret technology risks, controls, and findings to non-tech background people.

·        Attention to detail combined with strong delivery focus and ability to meet aggressive timeframes with quality results.

·        Working across cultures; good at speaking and articulating in both Mandarin and English.

You’ll achieve more when you join HSBC.


HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within and inclusive and diverse environment. Personal data held by the Company relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website./RG

Issued by HSBC FinTech Services (Shanghai) Company Limited