Job Advert Details
Our GCIO organisation plays a critical role for the bank. This team partners with the businesses to build the platforms, systems, and products that our customers use every day. We keep people’s money and data safe and are at the forefront of driving innovation for our businesses, customers, and colleagues. Within GCIO, our cybersecurity team designs, implements, and operates controls to manage risk. This team provides local inputs to define our group cyber security standards, oversees the security of our network, applications, and infrastructure, and provides round-the-clock monitoring and security incident response services.
People responsibility: N
Report to: Chief Information Security Officer (CISO)
Role Purpose
-The role is responsible for operating as part of a global/regional team within Cybersecurity to define and implement an industry-leading Cybersecurity Service that stays ahead of constantly changing information security threats.
-The key responsibilities include managing Governance & Reporting, Information Security Risk and Remediation, Secure Business Transformation, and compliance with local legal entity regulations.
-The role is a key point of contact for managing Information and Cybersecurity risks and controls (including cyber owned and non-cyber owned controls), relating to their governance, operation, monitoring and reporting.
In this role, you will:
Job content:
-Protect the bank via proactive Cybersecurity risk reduction actions.
-Make informed and educated risk decisions, balancing commercial / financial institution risk vs reward in security decisions.
-Drive sustainable growth and develop Cybersecurity awareness, engaging with colleagues across the functions and business departments to deliver sustainable Cybersecurity solutions.
-Lead and facilitate change through effective communication, preparation, and implementation.
-Work with key stakeholders (IT and business) to proactively drive the reduction in Cybersecurity risks and to improve the security risk posture of HSBC within the business risk appetite.
Qualifications
-Educated to degree level, within IT (Cybersecurity specialist). Industry qualifications (CISSP, CISA, CISM).
-Regulatory engagement, experience in dealing with compliance matters and regulatory liaison, knowledge of Asia Pacific regulatory requirements, and in-depth knowledge of Taiwan regulatory requirements.
-Ability to build strong relationships and communicate on complex Cybersecurity issues with a wide spectrum of stakeholders across local, regional, and global levels.
-Positive and professional attitude, team player, flexible and adaptable, open to change(s); good spoken and written English and Chinese communication, and ability to adapt style based on audience.
-Comprehensive understanding of banking and security in the context of wider industry trends and direction, along with an understanding of business finance and experience of effective management of budgets and expenditure.
-GPAD (Group Personal Account Dealing) Covered.
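-To be fulfilled after onboarding: receive at least fifteen hours of professional information security course training or competency training each year (personnel of the dedicated information security unit).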
Opening up a world of opportunity.
※ Applicants passing resume screening will be notified of the interview and next steps. There will be no further notification or message for applicants who either do not qualify or are not selected for the position applied for.