Job description

Cybersecurity Business Engagement Analyst – GCB4


Big Bank Funding. FinTech Thinking.


Our technology teams in the UK work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world, to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.

Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and programme managers.


Role Description:

The Cybersecurity team at HSBC is responsible for enabling businesses and functions to manage their Information and Cybersecurity risks as well as ensuring risks and controls are assessed and implemented appropriately, objectively and independently through professional and specialized subject matter experts.

The CST Business Engagement analyst is a role within the Cybersecurity Strategy & Transformation (CST) function of the Cybersecurity team. The role holder will interface and work closely with the relevant stakeholders within the Cybersecurity Business Enablement (CBE) function and will contribute for delivering the CST Business Enablement framework and operating model going forward.



The CST Business Engagement analyst within CST will drive and deliver the following services in conjunction with the CST team and individual GB/GF/Regional CBE teams;

  • Work with control and service owners to agree strategies, roadmaps and architecture to meet GB/GF/Reg needs
  • Work with the Strategy team, Control Owners and CBE team (BISOs, RISOs, Cyber delivery and consulting leads) to identify global gaps or opportunities for improvement, highlighted in audits and emerging from evolving regulatory requirements.
  • Assist Cybersecurity capability leads/ Product Owners/ project teams to prioritise demand based on GB/GF/Reg risk return on investments, change feasibility and the mandatory nature of change (regulations).
  • Support coordination and facilitate discussion between Cybersecurity capability leads/ Product Owners/ project teams; technology and the CBE team (BISOs, RISOs, Cyber delivery and consulting leads) to define qualitative and quantitative benefits of the change.
  • Ensure escalation for CBE and project teams and support with unblocking change delivery/ adoption issues for their respective assigned areas of CBE business and regions. Also provide specialist advise/ business context to the as it pertains to the GB/GF/ Reg.
  • Assist Cybersecurity capability leads/ Product Owners/ project teams to understand the path of adoption for the work they are doing.
  • Work with Cybersecurity capability leads/ Product Owners/ project teams to ensure strategies, roadmaps and architecture meet requirements from CBE teams
  • Work with Cybersecurity capability leads/ Product Owners/ project teams and Service Owners to assist with the development of the Operational Readiness plan (i.e. BAU embedment) for the GB/GF/Reg within the change releases.
  • Contribute to the creation of Outcomes and Key Results (OKR) for Cybersecurity and support the leadership in understanding the realisation of these outcomes, and in adjusting work in progress to better serve OKR realisation.








Essential Skillset/Experience:


  • Knowledge and exposure of Cybersecurity Risk and Control Management
  • Experience of translating difficult IT concepts into business language;
  • Experience of project management principles and have a relevant Project Management qualification (e.g. PRINCE2, Agile);
  • Experience with Project Management Tools (such as Clarity, JIRA)
  • Excellent cybersecurity knowledge; Understanding of Cybersecurity concepts such as threats, vulnerabilities, attack vectors, inherent/residual risk;
  • Understanding metrics and measures in managing risks and controls (KPIs, KCIs, KRIs) is a must;
  • Familiarity with the NIST Cyber Security Framework (CSF) required;
  • Experience with GRC Tools (such as HELIOS, ServiceNow, Archer) is a plus;
  • Experience of working at an operational level in international environments that drive a international perspective;
  • Experience in managing stakeholders in different geographies;
  • Experience in creating and reviewing executive reports (up to board level);
  • Influential, credible and persuasive, active listener, embraces HSBC Values, shows good judgement and demonstrating high level of communication skills in order to achieve effective stakeholder management



The base for this role can be flexible however there may be occasional travel requirements.

Come Power a Business that Defines How to Power the World

As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of ethnicity, religion, age, physical or mental disability/long term health condition, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by local law in the jurisdictions in which we operate. Within the work place you will have access to various employee resource groups which aim to promote and achieve a healthy work / life balance and support our diversity ambitions.  HSBC has in place processes in order to avoid nepotism, which means to avoid creating circumstances in which the appearance or possibility of conflicts of interest may exist within the hiring process.


We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies.


As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.


Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.


You can find out more about the recruitment journey and what to expect by viewing our Recruitment Process FAQs in HR Direct and by clicking here (only available via internal access).


Recruitment Helpdesk:


Tel: +44 (0) 207 832 8500