Job Purpose
We are currently seeking a Security Assurance & Testing Manager to join the HSBC Türkiye Cyber Security function and to be part of the global Cybersecurity Assessment and Testing (CSAT) function, performing Threat Modelling on HSBC services.
This role will report into the Threats and Controls Assessment Regional Lead and HSBC Türkiye CISO, closely collaborating with peers across Penetration Testing, Secure Development, Third Party Security Assessment and Cybersecurity business and regional leads, enabling effective end-to-end vulnerability identification.
Brief overview of the business areas
Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well understood, and that the controls used to manage such events are defined, assessed and implemented appropriately. Cybersecurity delivers this via objective, independent, professional and specialized subject matter experts.
The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development, Threat and Controls Assessment (threat modelling) and Third Party Security Assessment. The function drives the identification, capture, assessment, testing and ultimately the remediation of security defects, gaps and vulnerabilities across HSBC’s estate in concert with business and technology teams.
Key Responsibilities:
· Perform effective threat and control assessments of services within our internal, external and cloud estate.
· Liaise with Developers, Architects and other Technical Leads to understand the end to end service and identify where there are any control gaps.
· Understand the Business requirements, evaluate potential products / solutions and provide technical recommendations.
· Be "hands on" with technology and contribute to the design, development and the support of projects with security recommendations.
· Identify threats across the IT estate; including applications, databases, network and other infrastructure components.
· Engage with other Cybersecurity teams, senior management and members of the Business when confronted with potential security issues.
· Contribute to process, procedures and tool identification/development.
· Stay up to date with new industry trends and best practices.
· Coordinate and oversee the penetration testing activities of the external service provider.
· Consult HSBC’s software delivery vendors on improving their SDLC or DevSecOps processes and tooling for services provided to HSBC, aligning with shift left.
What you will bring to the role:
To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills:
Mindset
· An inquisitive approach, always asking how to achieve goals in a smarter and more effective way
· Positive and professional attitude, team player, flexible and adaptable, embraces change
Good Risk and Controls understanding
· Knowledge of and exposure to Risk and Control Management
· Ability to understand and assess threats, controls and vulnerabilities, articulating these to both technical and business stakeholders
· Desirable to have one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM or Cloud Security Certifications
Strong Technical background
· Proven experience in general security concepts and principles
· Hands on experience with threat modelling and strong technical understanding and experience of assessing vulnerabilities and identifying weaknesses in diverse enterprise IT assets
· Strong understanding of applications design and architecture
· Knowledge and experience with network, host and application security practices
· Good working knowledge of one or more of the Cloud Service Providers – AWS, GCP or Azure
· Strong understanding of Software Development Life Cycle (SDLC) with a focus on security
· Hands on experience with DAST and SAST tools and DevSecOps processes.
· Experience in continuous improvement and process optimisation.
· Understanding of emerging technologies and corresponding security threats
· Experience of working in international and diverse environments
· Experience in engaging with business, technology, regional and regulatory stakeholders
· Ability to communicate to key stakeholders – effectively translating technical gaps into business risk
· Self-motivated individual with strong analytical and problem solving skills
· Experience within fast-moving, complex and demanding corporate environments and able to provide appropriate direction to the team whilst dealing with ambiguity and change
· Influential, credible and persuasive, active listener, embraces HSBC Values, shows good judgement and demonstrates high level of communication skills in order to achieve effective stakeholder management
- 4-year university degree in information systems or a related field, or equivalent experience
- Excellent command of English language
- Object oriented programming knowledge
- Strong technical understanding of computer technologies
- Knowledge of business processes, planning and organisation
- Good knowledge of risk management
- A minimum of 10 years IT experience
- A minimum of 5 years of solid IT Security experience
- Project management experience
- Professional certifications in IT Security (CISA, CISM, CISSP) are desirable
- Analytical thinking, problem solving skills
- Ability to work under pressure and within strict time limits
- Strong technical leadership skills
- Creative thinking