Some careers shine brighter than others.
If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.
Department and Function Background
Operating within the Global Cybersecurity function and under the management of the Global Head of Cybersecurity Operations & Intelligence, the Global Cybersecurity Operations & Intelligence (GCO&I) team provides a coordinated suite of cyber-threat defence services and is responsible for the monitoring and detection of, and response to, cybersecurity threats across the global HSBC technology estate.
The GCO&I team is split into five distinct sub-functions:
· Monitoring & Threat Detection (M&TD) – Monitoring, detection, alerting and triage of initial cyber-threat events.
· Incident Management & Response (IM&R) – Management and deep-dive investigation and response to cyber-incidents.
· Information Protection & Response (IPR) – Management and response to cyber-related data protection incidents.
· Cyber Intelligence & Threat Analysis (CITA) – Collection, curation and production of actionable cyber-threat intelligence.
· Sustainable Cybersecurity Operations (SCO) – Consisting of three sub-function teams focussed on the continuous improvement of the Cybersecurity Operations and Security Operations Centre (SOC), technology integrations and capability enhancements.
Critical to the success of GCO&I are close partnerships with the wider Cybersecurity teams, technical infrastructure support teams and the internal HSBC stakeholders across the global businesses and functions.
Role Description – Principal Cybersecurity Operations Integration Analyst
Reporting directly into the Head of Cybersecurity Operations Integration, the Principal Cybersecurity Operations Integration Analyst is the senior technical subject matter expert (SME) within a small team tasked with the onboarding of new technologies, business services logging feeds and cybersecurity tooling into the Global Cybersecurity Operations Security Operation Centre (SOC).
The role holder will be the primary technical and engagement lead, tasked with achieving the desired outcomes via proactive and collaborative stakeholder engagements across the technology landscape. Working closely with the technology owners and the SOC Monitoring & Threat Detection and Incident Response teams, the role holder will continuously review and manage onboarding requests to ensure a cyber-threat intelligence led approach to the prioritisation of engagements.
This is a key role that underpins the foundational capabilities that support the Global Cybersecurity Operations & Intelligence mission to respond to cyber-threats against HSBC rapidly, effectively and consistently.
The Principal Cybersecurity Operations Integration Analyst is accountable for:
· Leading the technical development, implementation and maintenance of a technology and log ingestion framework that aligns to control requirements and supports a cyber-threat intelligence led approach to the detection, response and containment of cyber-threats.
· Leading and maintaining the technical aspects of a flexible stakeholder engagement model that caters for both proactive and reactive collaboration and can rapidly adjust and reprioritise workloads in response to the changing threat-landscape.
· Building and maintaining strong processes and collaborative working practices with supporting teams in Sustainable Cybersecurity Operations and the wider Global Cybersecurity Operations & Intelligence teams.
· Building relationships and engagements with the many technology and platform owner stakeholders.
· Successfully maintaining these relationships and delivering prioritised outcomes in an environment where relationships can be complex and priorities are often divergent.
· Maintaining governance across all Cyber Ops Integration activities and ensuring the creation, collection and processing of key data points to feed into relevant service reporting e.g. service delivery metrics, KPIs, KCIs, and performance dashboards.
· Supporting the development and maintenance of a functional strategy that supports continuous improvement and is aligned to the wider Sustainable Cybersecurity Operations and Global Cybersecurity Operations & Intelligence strategy and goals.
Impact on the Business/Function
· Supports the development of the GCO&I functions, engaging with colleagues across Cybersecurity and other IT functions to drive and deliver sustainable operational solutions in line with department strategy.
· Drives business performance, clear thinking and utilises experience whilst under pressure.
· Delivers sustainable business outcomes.
· Supports the building of effective technology and process control capabilities that continuously evolve to meet security and compliance needs.
· Works closely with peers and business leads to build and implement controls in alignment with risk-posture, architectural constraints, company strategic direction and industry trends and best practices.
· Drives delivery of the highest standards and outcomes, inspiring others to do the same. Focuses on medium and long-term goals even when under pressure or facing uncertainty. Manages expectations, results and impact of agreed outcomes, thinking ahead to identify and overcome potential issues.
· Strategically drives innovation to gain competitive advantage, taking calculated, entrepreneurial risks to achieve business outcomes. Generates an environment in which innovation is seamlessly embedded into working practices.
Customers / Stakeholders
· Leads a customer-focused and collaborative culture by championing customer and stakeholder engagement throughout the team.
· Demonstrates an understanding of customer and stakeholder requirements by providing specialist input and knowledge and having a detailed understanding of the different short and long term shifts in business/function patterns of activity and demand.
· Understands and interprets developments and changes in future business requirements and ensures the appropriate reaction and response through discourse and the implementation of relevant, security focused, technical and procedural solutions.
· Strengthens stakeholder relationships and enhances key relationships using rapport-building expertise and appropriate influencing skills to add and increase stakeholder advocacy. Key relationships include Functional heads across the other CTO functions and external account managers for third party suppliers and vendors, along with other regional counterparts across the globe. Cultivates strong relationships with organisationally important global and/or high value stakeholders with a tailored approach.
Leadership & Teamwork
· Leads the technical direction of the Cyber Ops Integration team, making sustainable decisions that protect and enhance HSBC’s values, reputation and stakeholder value.
· Actively engages in a learning culture, encouraging collaboration and cross-functional working to develop and nurture teams and identify talent.
· Authentically engages a diverse group of stakeholders internally and externally to influence the achievement of best outcomes for all stakeholders.
· Builds rapport and mutual understanding to communicate and create opportunities for cross-business and/or international working, encouraging debate and open discussion. Encourages people to build sustainable relationships beyond transactional levels and use empathy and insight to build better understanding of mutual benefits.
· Supports junior team members and contributes to the establishment of good coaching and mentoring practices. Demonstrates alternative techniques for diagnosing and coaching individuals and teams.
Operational Effectiveness & Control
· Governs risk responsibly. Promotes ethical management of risk across regions and business areas within their teams.
· Communicates changes in policy and governance effectively, reinforcing risk processes within their team.
· Builds and sustains a risk aware culture. Shows integrity whilst promoting and managing relevant monitoring and reporting requirements within their team.
· Embeds efficient risk and compliance processes and procedures into business as usual practices.
· Builds collaborative relationships, defines and articulates to stakeholders the targeted benefits for a change intervention.
· Demonstrates effective financial skills to develop a detailed business case, including investments, detailed benefits (financial, non-financial and strategic) and link to overall finances of the business.
· Supports the management of department finances. Accurately interprets strategic financial information: makes insightful decisions in financial planning and programme performance monitoring.
· Identifies and highlights financial implications of risks/issues, involves stakeholders and supports management of budget variation as appropriate.
Skills
· An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
· An understanding of organisational mission, values and goals and consistent application of this knowledge.
· Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
· An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.
· A team-focused mentality with the proven ability to work effectively with diverse stakeholders.
· Self-motivated and possessing of a high sense of urgency and personal integrity.
· Highest ethical standards and values.
· Good understanding of HSBC cybersecurity principles, global financial services business models, regional compliance regulations and applicable laws.
· Good understanding and knowledge of common industry cybersecurity frameworks, standards and methodologies, including: OWASP, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards, and the MITRE ATT&CK Framework.
· Experience in a leadership position within a cyber-security operations team to include team and capability development, staff development, career management, and recruitment.
· Ability to orchestrate, manage and successfully implement major procedural and technological change within a complex, global organisation.
· Ability to speak, read and write in English, in addition to your local language.
Technical Skills
· Excellent knowledge and demonstrated experience of common cybersecurity technologies such as: IDS / IPS / HIPS, AV, EDR, Firewalls, Proxies etc.
· Excellent knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suites.
· Excellent knowledge of common enterprise technology infrastructure, platforms and tooling, including: Windows, Linux, infrastructure management and networking hardware.
· Good knowledge and technical experience of 3rd party cloud computing platforms such as AWS, Azure and Google, and their associated security tooling/platforms.
· Good knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation and remediation.
· Excellent knowledge and demonstrated experience of common log management suites, Security Information and Event Management (SIEM) tools such as Splunk Enterprise Security or Microsoft Sentinel. Knowledge of cloud based “data lake” solutions used for the collection and real-time advanced analysis of security information.
· Ability to identify, develop and track key performance indicator (KPI) and key control indicator (KCI) metrics for accurate and contextual evaluation of operational effectiveness as well as providing recommendations for control improvement and mitigating control adjustments.
· Good knowledge of intelligence analysis principles either through formal education / training or equivalent professional experience.
Industry Experience and Qualifications
Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:
· Experience in a technical, cybersecurity related position, preferably in the finance or similarly regulated sector.
· Industry recognised cybersecurity related certifications including: CEH, EnCE, SANS GSEC, GCIH, GCIA and/or CISSP.
· Formal education and advanced degree in Information Security, Cyber-security, Computer Science, or similar and/or commensurate demonstrated work experience in the same.
· Certified in the use and management of core security platforms such as SIEM, SOAR, EDR, XDR, NDR, Firewalls, Proxies etc.
· Core technical platform / OS certifications e.g. Windows, Linux, MacOS.
You’ll achieve more when you join HSBC.
HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
Issued by – HSBC Software Development India