HSBC Group

Role Purpose

The HK, Rest of Asia & Middle East Chief Information Security Officer (CISO) is responsible for the execution and continuous improvement of a best-in-class, Cybersecurity capability across HK, Rest of Asia & Middle East business and all market jurisdictions it is responsible for as well as operates within. The role involves translation of highly technical Cybersecurity concepts into consumable language, in order to drive continuous assessment of cybersecurity and information risk in light of established risk appetites and a constantly evolving cyber-threat landscape. 

The HK, Rest of Asia and Middle East business is extremely complex from a cybersecurity perspective and requires a senior experienced leader, due to the multiple legal entity structure across Asia and MENAT (c35 different legal entities) and the significant number of challenging regulatory bodies and cyber-security expectations across the different markets.  In addition, the HK, Rest of Asia and Middle East CISO will be accountable for overseeing and improving the cybersecurity posture of the most profitable HSBC business, HK retail banking, who is responsible for 50% of the Bank’s profit. Additionally, in line with the Bank’s growth strategy in this business area, we need to ensure the business and technology teams maintain the appropriate risk and control standards alongside customer growth. 

The HK, Rest of Asia & Middle East CISO will manage a team of staff which is commensurate with the nature of the assigned GBGF, including its size, scope, and jurisdictional exposure.  The HK, Rest of Asia & Middle East CISO reports into the Group CISO who is responsible for circa 2200 staff and an annual operating budget of approximately $480 million.   

Principal Accountabilities:

• The HK, Rest of Asia & Middle East CISO assists with definition of the global Cybersecurity strategy and ensures its execution through HK, Rest of Asia & Middle East and Globally-led programmes that provide adequate, embedded, and effective protection of the firm’s information and technology assets.  To achieve these goals, the HK, Rest of Asia & Middle East CISO must possess significant senior executive management experience delivering a best-in-class cybersecurity practice in large and complex, multinational organizations.  In addition, the HK, Rest of Asia & Middle East CISO will be required to represent evidence that demonstrates control and operational effectiveness within HK, Rest of Asia & Middle East to various Board-level committees as well as applicable financial services regulators in the markets the function operates within.

• The role holder will:
  • Possess an entrepreneurial approach solving complex information and cybersecurity challenges, strong visionary leadership and communication skills, coupled with deep domain knowledge of information and cybersecurity best practices, experience of embedding these within an organization, and be able to drive a security-first culture across all aspects of the assigned business and market
  • Manage stakeholders including the HK, Rest of Asia & Middle East CIO, Market/Entity Board(s), HK, Rest of Asia & Middle East COO(s) and HK, Rest of Asia & Middle East CEO(s) as well as with Cybersecurity Leadership and staff, and external bodies. These include key regulators which apply HK, Rest of Asia & Middle East and its associated jurisdiction(s).
  • Ensure appropriate oversight mechanisms and high standards of internal control, to ensure the identification of emerging threats in the Cybersecurity landscape are in place.
  • Provide HK, Rest of Asia & Middle East ownership and implement Cybersecurity best practice, standards and governance frameworks, mapping and adjusting controls to the evolving Cyber threat landscape. The position enhances operational controls, ensuring appropriate tools, Cybersecurity frameworks are adopted, assigned to and owned by stakeholders across HK, Rest of Asia & Middle East.
  • Act as a single point of contact for Cybersecurity risk reporting to relevant Board(s), Committees, and other governance forums, as appropriate
  • Drive customer focus, leading a customer-centered culture, championing activities encouraging outstanding customer advocacy. Proactively seeks opportunities to maximise Cybersecurity strategy to improve HK & Middle East operations
  • Set the tone and direction of HK, Rest of Asia & Middle East’s Information and Cybersecurity practices and assist with definition of global Cybersecurity standards across the entire HSBC Group to proactively increase Cybersecurity awareness, ownership and Cyber risk reduction
  • Focus on HK, Rest of Asia & Middle East First Line of Defence activities across Identify, Protect, Detect, and Respond pillars of the NIST Framework
  • Ensure continuous assessment and improvement of the control environment relative to the evolving Cyber threat landscape
  • Work with stakeholders HK, Rest of Asia & Middle East to support the resolution / remediation of security incidents
  • Drive continuous engagement with HK, Rest of Asia & Middle East senior executive management (such as COOs and CEOs) to provide expert knowledge that influences how to best manage information and cybersecurity risk exposure within business risk appetite, which will impact on their wider organisations

Essential Experience:

• Technical Experience: Significant, industry leading subject matter expertise in Cybersecurity together with a broad technology and risk management experience. This includes but is not limited to cybersecurity control design and implementation, operational process and incident response.
• Stakeholder Management: Extensive leadership experience within fast-moving, complex and demanding corporate environments where Cybersecurity issues have to be handled on a large scale. Experience managing board level stakeholders and of direct regulatory engagement.
• Leadership: Experience of having led international projects/initiatives with a team of Cybersecurity professionals, raising standards within the function and improving the profile of Cybersecurity across a large, complex, international organisation.  Ability to motivate people and transform the function into a world-class Cybersecurity organisation

Essential Capabilities:

• Business Insight & Decision Quality: Applying knowledge of business and the market to making good and timely decisions that keeps the organization moving forward.
• Strategic Mindset: Seeing ahead to future possibilities and translating them into breakthrough strategies.
• Action Oriented: Taking on new opportunities and tough challenges with a sense of urgency, high energy, and enthusiasm.
• Builds Effective Teams: Building strong-identity teams that apply their diverse skills and perspectives to achieve common goals.
• Persuasion & Conviction: Using compelling arguments to gain the support and commitment of others; stepping up to address difficult issues and saying what needs to be said.
• Manages Ambiguity & Ensures Accountability: Operating effectively, even when things are not certain, or the way forward is not clear; holds self and others accountable to meet commitments.
• Graduate Degree is mandatory to be able to secure a Visa/ Work permit for UAE

Kindly share your resume in pdf format if possible.