Job description

Some careers have more impact than others.
If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.

We are currently seeking an experienced professional to join our team in the role of IT Security Manager

Business: Cybersecurity

Principal responsibilities

Impact on the Business/Function 
Strategically drives innovation to gain competitive advantage, thinking differently to achieve business outcomes.  Generates an environment in which innovation is seamlessly embedded into working practices.  

Customers / Stakeholders
• Ensure the bank’s policies and practices prioritise business needs with a focus on securing platform infrastructure.
• Fully leverage automation and platform integration to deliver the best possible end user experience and frictionless data protection.
• Leads a customer-focused and collaborative culture by championing customer and stake-holder engagement throughout the team.
• Demonstrates an understanding of customer and stakeholder requirements by providing specialist input and knowledge and having a detailed understanding of the different short- and long-term shifts in business/function patterns of activity and demand.
• Understands and interprets developments and changes in future business requirement and ensures the appropriate reaction and response through discourse and the implementation of relevant, security focused, technical and procedural solutions.
• Respond promptly and effectively to data breaches or security incidents, minimizing impact on customers.

Leadership & Teamwork 
• Develop and implement a comprehensive strategy aligned with the bank's overall strategy and cybersecurity objectives.
• Provide visionary leadership to the team, fostering a culture of continuous improvement and innovation.
• Collaborate with senior leadership across the bank to ensure data protection initiatives support business goals, risk appetite and objectives.
• Manage the budget, ensuring efficient allocation of resources for optimum delivery.
• Supports the development of the team making sustainable decisions that protects and enhances HSBC’s values, reputation and stakeholder value.  
• Actively encourages a learning culture, encouraging collaboration and cross-functional working to develop and nurture teams and identify talent. 

Operational Effectiveness & Control 
• Governs risk responsibly. Promotes ethical management of risk across regions and business areas within their area of responsibility. 
• Builds and sustains a risk aware culture. Shows integrity whilst promoting and managing relevant monitoring and reporting requirements within their area of responsibility.  
• Embeds efficient risk and compliance processes and procedures into business as usual practices.
• Builds collaborative relationships, defines and articulates to stakeholders the targeted benefits for a change intervention.  
• Demonstrates effective financial skills to develop a detailed business case, including investments, detailed benefits (financial, non-financial and strategic) and link to overall finances of the business.
• Identifies and highlights financial implications of risks/issues, involves stakeholders and supports management of budget variation as appropriate.

• Define secure configuration baselines for database management system software, including but not limited to Oracle, Db2, SAP ASE, SQL Server, Db2 z/OS, MongoDB, and PostgreSQL, Teradata, HADOOP.
• Work with database technical subject matter experts to agree secure configuration baselines.
• Work with database technical subject matter experts to define/develop/implement checks for compliance scans.
• Work with database technical subject matter experts to provide remediation guidance for IT Service Owners.
• Work with the Configuration Baseline Management team to ensure they receive configuration compliance data.
• Interact with stakeholders across the organisation to understand their security needs and expectations. 
• Define and maintain capability strategy, supported by Enterprise Architecture, Security Architecture and, Control Owners, in response to business strategies, regulator expectations, technology and practice advancement, best practice, and threat actor evolution [will overlap with Architecture]. 
• Ensure success with delivery partners (in alignment with support functions). Runs / drives respective Delivery forum, QBRs, SteerCos and Capability PODs. 
• Maintain and prioritise a capability backlog based on objectives and value released to identify what teams work on next. Supports the prioritisation of backlogs from supporting technology and operations/service teams. 
• Lead vendor relationships with owned technologies.
• Evaluate and adopt new technologies and practices which may impact the capability's needs and/or control environment.
• Monitor and communicate progress of capability performance through agreed indicators and metrics.
• Close working with Control Owners: Oversees Control Owner activity from a technical point-of-view, e.g. accurate assessment of control defect severities. 
• Close working with Service Owners: understands general performance of associated services, exceptions, customer feedback and service uplift roadmaps. 
• Close working with Technology/Platform Owners: understands general performance of associated IT services, significant bugs, technology health, customer feedback and technology uplift roadmaps (including technical debt resolution).  
• Run a Pod per L2 capability with Architecture, Engineering, Service Delivery, Control Owner, Programme Manager, and Product Management 
• Own all medium-rated and below risk Control Issues, Audit points and Regulatory findings 

Requisitos

Knowledge & Experience / Qualifications

• Minimum 5 years’ in-depth experience with multiple database technologies from the list of Oracle, Db2, SAP ASE, SQL Server, Db2 z/OS, MongoDB, and PostgreSQL, Teradata, HADOOP.
• Demonstrated experience with database platform security.
• Minimum 2 years’ experience leading a technical team.
• Demonstrated understanding of and experience with Center for Internet Security (CIS) benchmarks.
• Strong stakeholder management skills, with demonstrated experience of understanding and meeting the needs of multiple stakeholders.
• Excellent communication skills, including the ability to translate complex technical concepts into business-friendly language.
• Customer-centric consultancy approach.
• Strong analytical and problem-solving skills.
• Ability to manage budgets and allocate resources effectively.
• Reliant and adaptive to changing situations, with strong desire to delegate and empower the team.

HSBCVZ/GZ*

About HSBC Technology China

We develop, implement and support software and IT services and processes that allow HSBC to remain at the forefront of high-quality banking systems. 
 
You’ll achieve more when you join HSBC. 

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.” 

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website. 

***Issued By HSBC Software Development (GuangDong) Limited***