Descripción
If you’re looking for a career where you can make a real impression, join Global Service Center (GSC) HSBC and discover how valued you’ll be. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.
We are currently seeking an experienced professional to join our team in the role of Third Party Security Assessment – SME
Role Purpose:
Cybersecurity is responsible for enabling businesses and functions to manage their information, technology, and cybersecurity risks by ensuring these are well-understood, and that controls used the manage such events are defined, assessed and implemented appropriately. Cybersecurity predominantly deliver this via objective, independent, professional and specialized subject matter experts. The role forms part of the 1LoD in relation to the risk management framework.
The Cybersecurity Assessment and Testing (CSAT) function, part of Cybersecurity, is accountable for Vulnerability Management, Secure Development (inc. DevSecOps), Threat and Controls Assessment (inc. threat modelling) and Third-Party Security Assessment. The function drives the identification, capture, assessment, testing/verification and ultimately the remediation of security defects, gaps, and vulnerabilities across HSBC’s estate in concert with business and technology teams – on-premises, within the Cloud and for those resulting from 3rd party engagements.
Main Activities:
- The Cybersecurity SME will work Third Party Security Risk assessments which may involve proof of concept, complex and multiple services or very high- or high-risk vendors.
- Develop as a SME and help to inform wider embedding and training on new process flows and products used in TPSA.
- Support Control Officers, Risk Stewards, Internal and External Audit, and Regulators with any relevant reviews, examinations, and information requests.
- As a Consultant/SME within both CSAT and Cybersecurity, the role-holder will be expected to contribute to, be an ambassador for, and to drive delivery of the cybersecurity strategy.
- The role functionally reports into the Regional Head of Third-Party Security Assessment with functional accountability to the US for assessments assigned,
- The candidate will be able to demonstrate strong knowledge and collaboration abilities; communication in business English – both in verbal and written form; an obsession for delivering high-quality outcomes, whilst often under pressure/at pace; constant curiosity and drive to ensure repeatable outcomes are more effectively achieved. The role holder may be required to engage with senior stakeholders including Technology and Cybersecurity leadership in regions; stakeholders across all lines of defence: Chief Controls Office Technology, 2LoD Resilience Risk and 3LoD Internal Audit teams, and will be required to support regulatory examinations.
Requisitos
Mindset
- An inquisitive approach, always asking how to achieve goals in a smarter and more effective way.
- Resilient and self-driven, capable of informing and driving change.
- Positive and professional attitude, team player, flexible and adaptable.
- Good Risk and Controls understanding
- Knowledge and exposure of Risk and Control Management frameworks and control design and execution, in theory and practice.
- Ability to understand and articulating defects, threats, and technical gaps to both technical and business stakeholders.
- Bachelor’s degree and/or similar experience, preferably in IT security in the Financial Services industry or global corporate service provider
- Have one or more industry-recognised cybersecurity-related certifications including CISA, CISM, CISSP, CRISC and CCSP etc.
- A demonstrable technical understanding in Cloud Security (particularly for SaaS) is desired.
- Strong stakeholder management and communications skills
- Experience in third party / supply chain governance
- Experience of working in international and diverse environments
- Experience in engaging with third parties, business, regional and regulator stakeholders.
- Ability to communicate to and influence executive leadership – effectively translating technical gaps into business risk.
- Ability to prepare concise updates, reports, and presentations for senior management.
- Ability to manage multiple projects and priorities concurrently.
Interpersonal Skills
- Influential, credible, and persuasive, active listener, embraces HSBC Values, shows good judgement, and demonstrates high level of communication skills in order to achieve effective stakeholder management.
Competences
- Work as a team
- Independent
- Provide Guidance
- Active Listener
- Good Communication
At HSBC we offer our colleagues a greater number of leave days so that they can fully enjoy their wedding, take care of the new member of the family, or grieve the loss of a family member. Our paid leave package is at the forefront in Mexico, now you have one more reason to be HSBC and proudly live a culture of well-being, balance, and care.
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
***Issued By HSBC Electronic Data Process Mexico Private LTD***