Job description

If you are a UK or CIIOM based employee, please apply using the following link, which will take you to our new Recruitment System: https://performancemanager.successfactors.eu/sf/jobreqpvt?jobId=4445&company=hsbcholdin&st=E821F96BB31FBE79FFE64E85E8552B261A1A2A60

Join a digital first bank that’s powered by people.

 
Our technology team builds innovative digital solutions rapidly and at scale to deliver the next generation of banking services for our customers around the world.
 
We have an entrepreneurial mindset. Our people work together, creating an agile, collaborative, and innovative culture. You’ll learn and expand your skills, plus we will support you every step of the way as you grow your career.
 
We are seeking an experienced Cyber Governance and Risk Subject Matter Expert (SME) to strengthen our cybersecurity governance framework and enhance risk management practices.
 
This role will focus on third-party risk management, business engagement, and driving behavioural change to establish risk ownership and accountability across the organization.
 
The ideal candidate will bring deep expertise in cyber governance, risk assessment, and stakeholder collaboration to ensure robust security practices align with business objectives.
 
This role will play a pivotal part in managing cybersecurity operations, driving performance metrics, and fostering collaboration with internal teams and external partners.
 
A move across the business allows you to continue to access tailored professional development opportunities, and our fantastic benefits packages.
 
In this role you will:
 
•    Act as a subject matter expert in cyber governance, risk management, and compliance, with a strong emphasis on third-party risk.
•    Develop, implement, and maintain governance frameworks, policies, and procedures to mitigate cybersecurity risks, including those posed by vendors and external partners.
•    Assess and monitor third-party risk through due diligence, audits, and ongoing oversight, ensuring compliance with organizational and regulatory standards.
•    Engage with business units to foster a culture of risk awareness, driving behavioural changes to embed accountability and ownership of cybersecurity risks.
•    Partner with stakeholders to identify, assess, and prioritize risks, translating findings into actionable strategies and remediation plans.
•    Facilitate workshops, training sessions, and communications to educate teams on governance principles, risk management, and their roles in maintaining security.
•    Collaborate with leadership to align cyber risk strategies with business goals, ensuring clear accountability structures are in place.
•    Track and report on risk metrics, governance effectiveness, and third-party performance to senior management and relevant committees.
•    Stay current on industry trends, regulatory requirements, and emerging threats to proactively enhance risk and governance practices.

Requirements

To be successful in this role you should meet the following requirements:
 
•    Extensive experience in cybersecurity operations or service delivery management and Third Party Security Assessment is mandatory.
•    Proven track record of engaging with business stakeholders to influence behaviour and establish risk ownership.
•    Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, SOC 2, PCI-DSS) and their application to governance and risk.
•    Experience conducting third-party risk assessments, vendor evaluations, and contract reviews.
•    Firsthand experience with JIRA, ServiceNow (workflow/ITSM), SureCloud (GRC), PowerBI (data visualization), and BitSight (third-party risk management).
•    Strong analytical skills with the ability to interpret complex data and translate it into meaningful reports and recommendations.
 
This role is based in Sheffield.
 
If you are an HSBC Contractor and wish to apply to this role, click here.

Being open to different points of view is important for our business and the communities we serve. At HSBC, we’re dedicated to creating diverse and inclusive workplaces. Our recruitment processes are accessible to everyone - no matter their gender, ethnicity, disability, religion, sexual orientation, or age.
 
We take pride in being part of the Disability Confident Scheme. This helps make sure you can be interviewed fairly if you have a disability, long term health condition, or are neurodiverse.
 
If you’d like to apply for one of our roles and need adjustments made, please get in touch with our Recruitment Helpdesk:
 
Email: hsbc.recruitment@hsbc.com
Telephone: +44 207 832 8500.

You can find out more about the recruitment journey and what to expect by viewing our Recruitment Process FAQs in HR Direct and by clicking here (only available via internal access).

Recruiter name: HSBC Recruitment
Recruiter email: hsbc.recruitment@hsbc.com