Job description

Some careers have more impact than others.
If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.

We are currently seeking an experienced professional to join our team in the role of Senior Consultant Specialist.

Business: Cybersecurity

Principal responsibilities 

The Vulnerability Assessment SME is a key role within the Vulnerability Management team and the wider Cyber Security Assessment function. The role will report in to the Head of Vulnerability Management Assessment. 

This role will provide ongoing assessment for newly identified vulnerabilities, and respond to business-driven queries in relation to potential false positive vulnerability findings and/or guidance on mitigation approaches.

They will be responsible for supporting the delivery of operational requirements of the wider VM Assessment function and the interdisciplinary partnerships, leading the way in effective remediation and priority activities which pose a threat to the bank globally. 

Additionally, they will need to closely collaborate with the Global Head of Vulnerability Management, Cyber Threat Intelligence, Incident Management and Response, Perimeter Security, Cloud Teams, Federated Control Owners, key stakeholders in the CCO Technology, 2LOD and 3LOD.
•Leading the review of all newly discovered vulnerabilities, to assess if the provided risk score is correctly reflecting the risk to HSBC. 
•Monitoring external threat feeds to identify any newly reported external risks.
•Managing the review of assigned tickets, determining potential false positives and/or mitigation approaches, and providing expert guidance/advice on remediation.
•Ensuring all patterns identified for remediation and/or false positive identification are clearly documented within the central tools and applied across the HSBC identified threat estate.
•Identify critical paths of operation, and ensure that they are followed to provide the most streamlined and efficient method of operating.
•Maintain operational documentation on what reports are available and how to access and utilise existing filters. 
•Clear accountability and ownership of the Vulnerability Assessment key control indicators and key risk indicators.
•Supporting the commentary for routine governance submissions e.g. Cybersecurity Executive Committee Monthly Update, Risk Map, KCIs, KRIs.
•Supporting Imminent threat review sessions.
•Engaging with the Global Head of Vulnerability Management, and relevant team members to review and gain approval for submissions and ensure information requests are aligned with the group risk appetite providing the expected responses.
•Ad hoc tasks as required, including support to CSAT operational activities, handling escalations and requests from any team or angle.

Requirements

Knowledge & Experience / Qualifications

•The ability to understand, apply, and improve elements of the Vulnerability Management Lifecycle.
•The ability to use multiple toolsets to convey information, obtain data, and make it meaningful to future plans. 
•Lateral thinking and creative form to deploy expertise in the uplift of people skills, process identifications, and technological adjustments. 
•The ability to recognise threats and risk, and act with insight to deliver a core part of the Cyber Security Operational model in HSBC. Multiple functions will come together to ensure the safety of the bank and the ability to continue business under any circumstances.
•Ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
•Understanding and experience in the practical application and execution of: 
-Vulnerability scanning technologies and their application (e.g. Nessus, SAST/MAST/DAST (Checkmarx, Netsparker, Fortify, IBM AppScan, etc.), Tenable.io, Security Center (or similar Vulnerability Scanning products), risk consolidation platforms).
-Vulnerability assessments, mitigation approaches and criticality ratings and how they are applied.
-Patch Management. 
-Cyber security principles, global financial services business models, regional compliance regulations and laws.
-MS Excel to interrogate large data sets.
-SharePoint, Microsoft Teams and Confluence. 
•Excellent organisational, administrative, analytical, and problem-solving skills with the ability to work accurately and methodically whilst under pressure to meet deadlines.
•Instinctive and creative, with an ability to create and contribute to bespoke solutions.
•Flexible approach to shifting or competing priorities.
•Process orientated, outstanding organizational skills.
•Proven track record of delivering activities on time to a high standard.
•High level of integrity and strong ethical values.
•Pro-active, independent, collaborative team player with a positive attitude.
•Strong interpersonal skills with the ability to create and maintain relationships - Internal relationships extend to peers across other functions within IT and externally to HSBC global businesses, which include external relationships with vendors, typically audit, legal, and technology where the need arises. 
•Experience of working in roles within Cyber Security Operations, Risk Management, and Governance, within a mid to large enterprise or equivalent organisation.
•Minimum of 3-5 years’ experience working in IT Security or a similar role.
•Ability to work remotely.

About HSBC Technology China

We develop, implement and support software and IT services and processes that allow HSBC to remain at the forefront of high-quality banking systems. 
 
You’ll achieve more when you join HSBC. 

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working, and opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc. We consider all applications based on merit and suitability to the role.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website. 

***Issued By HSBC Software Development (GuangDong) Limited***