HSBC Group

GCB 3

Some careers open more doors than others.

If you’re looking to unlock new job opportunities, take a look at the possibilities right on your doorstep here at HSBC.

Global Risk is a thriving and expert risk management function supporting HSBC globally with all aspects of risk management. The team actively manages a varied and dynamic range of risk types, including security, fraud, information security, contingency, geopolitical, operational, credit, pension, insurance, market and reputation risks. All parts of the Global Risk team use their skills, insight and integrity to handle established threats and those they see emerging, acting to protect and enable HSBC to deliver sustainable growth. 

We are currently seeking an experienced individual to join our Risk and Compliance function in the role of Director, ERM Asia and Middle East Data Risk and Third Party.

Role purpose

• Global Enterprise Risk Management (ERM) is a sub function of Group Risk and Compliance. Its purpose is to make sure HSBC is equipped with a coherent Risk Management Framework, Risk Taxonomy and the tools to enable it to understand and operate within its Global Risk Appetite and effectively manage its overall risk position. It seeks to strengthen the risk culture across the organisation through driving consistent risk management practices across our businesses and functions at global, regional and market level. ERM achieves this through robust oversight and stewardship of the end-to-end processes, risks, and controls ensuring it complies with risk, business and regulatory priorities. Enabling the bank to grow safely, be forward looking, and meet its strategic objectives.

• The role holder is responsible for ensuring Data Risk across Asia and the Middle East is managed, embedded and adheres to the defined standards as per the appropriate frameworks, policies, procedures and regulatory requirements. In addition, the role holder is responsible for ensuring Third Party Risk across Asia and the Middle East is managed, embedded and adheres to the defined standards as per the appropriate frameworks, policies, procedures and regulatory requirements.

Accountabilities for Business, Customers and Stakeholders

Data Risk

• The role holder will be the primary point of accountability for Active Risk Management, including:
• Provide technical advice and support globally to ensure stakeholders understand and are aware of the control environment and assessment of data risk globally commensurate with the scale and nature of operations
• Support the ERM Business & Functions team to explain in non-technical terms the impact of issues or events, and top and emerging risks that may require changes (for example, to controls, resources or business operations) to remain within respective risk appetites
• Support the ERM Business & Functions teams to ensure risk and control owners have clear understanding of the effectiveness of the current control environment
• Monitor the local external environment to get early sight of emerging data risks and provide detailed guidance on controls required to mitigate against them. Build and maintain relevant cross-organisation and industry relationships
• Deliver tailored and specific expertise across data risk enabling 1LOD to successfully deploy and operate mitigating key controls
• Provide technical guidance to support development and completion of ERM and regulatory reporting obligations (e.g. RAS, top & emerging risks, risk profile reporting, RMM, Board reporting where relevant, etc.)
• Ensure the root cause of relevant global operational risk issues and events are fully understood and correctly treated
• Ensure any concerns with key controls and material change programmes, relevant to data risk, are understood and escalated as needed
• Work in conjunction with the ERM Business & Functions teams and 1LOD to escalate any matters when needed
• Lead regulatory and audit engagement pertaining to data risk; ensure regulatory compliance for the data risk and timely completion of audit actions and finding
• Support training and capability uplift for the ERM Business & Functions teams to ensure robust understanding of data risks

Third Party Risk

• Provide technical advice and support globally to ensure stakeholders understand and are aware of the control environment and assessment of third-party risk across Asia and the Middle East commensurate with the scale and nature of operations
• Support the ERM Asia and Middle East Business & Functions team to explain in non-technical terms the impact of issues or events, and top and emerging risks that may require changes (for example, to controls, resources or business operations) to remain within respective risk appetites
• Lead the ERM Asia and Middle East Business & Functions teams to ensure risk and control owners have clear understanding of the effectiveness of the current control environment
• Monitor the local external environment to get early sight of emerging third-party risks and provide detailed guidance on controls required to mitigate against them.
• Deliver tailored and specific expertise across third party risk enabling 1LOD to successfully deploy and operate mitigating key controls
• Provide technical guidance to support development and completion of ERM, regional and regulatory reporting obligations (e.g. RAS, top & emerging risks, risk profile reporting, RMM, Board reporting where relevant, etc.)
• Ensure the root cause of relevant global operational risk issues and events are fully understood and correctly treated
• Ensure any concerns with key controls and material change programmes, relevant to third party risk, are understood and escalated as needed
• Work in conjunction with the ERM Asia and the Middle East Business & Functions teams and 1LOD to escalate any matters when needed
• Lead regulatory and audit engagement pertaining to third party risk; ensure regulatory compliance for the third-party risk and timely completion of audit actions and findings
• Deliver training and capability uplift for the ERM Asia and Middle East Business & Functions teams to ensure robust understanding of third-party risks.

Leadership & Teamwork

• Represent ERM to Global Business, Regional and Functional Executive Management and Board members.
• Provide a forward-looking agenda, including horizon scanning, for emerging risks and challenges that ERM and the Bank may face.
• Provide oversight to the First-line’s adoption of Standards, Processes and Procedures required to implement the Policy objectives across the Group and support the embedding of the Risk Framework by working with the Risk Control owners in their area.
• Provide robust oversight, formal input, challenge, and guidance to first-line risk and control owners across entities and countries within the Group enabling business growth and innovation while maintaining risk within appetite.
• Communicate across technical, business, and strategic levels to ensure that stakeholders understand how their delivery is aligned with the Bank and ERMs strategic goals.
• Lead global teams, including the day-to-day management of your direct and indirect team members, driving positive Risk culture behaviours including, supporting, guiding and mentoring all colleagues working as part of global virtual teams.
• Support the recruitment and retention of colleagues, including succession planning, talent management and performance management, ensuring continuously driving improvement in employee engagement, diversity and inclusion.
• Build effective relationships with local Regulators to keep abreast of trends in the management of risk, supporting efforts to drive HSBC’s position in this context and ensure HSBC’s views are considered in consultations and other rule-making processes.
• Lead on the relevant Transformation Programmes within the Group by proactively engaging and assisting in the identification and mitigation of risk. This includes early intervention in new designs to ensure Risk is considered from the beginning.
• Partner with other oversight functions and Internal / External Audit to ensure a holistic view of risk profile. Including leading on the delivery and closure of Audit points and Management Self-Identified Issues.
• Own the alignment and embedding of relevant services delivered by the service catalogue ensuring consistent implementation across entities, countries and markets, as appropriate.
• Effectively communicate with large number of internal (first line, senior management, audit) and external (external auditors, regulators) stakeholders on risk identification, governance, and management.
• Improve efficiencies through standardisation under the global framework, including maintaining cost and headcount discipline.

Functional Knowledge

Knowledge and Experience:

• Experience in risk management at a Globally Significant Financial Institution (GSFI).
• Understands the risk landscape of HSBC Group and its commercial context and strategic ambitions and the importance of the maintenance and management of key frameworks.
• Very strong knowledge of the relevant regulatory landscape and ability to assess the impact of proposed changes in regulatory rules to the bank, especially those that will impact the Risk appetite, data risk and third party risk.
• Extensive knowledge of a financial institutions business model, products and key risk drivers and a demonstrated ability to effectively balance risk management, regulatory expectations, and commercial pragmatism.
• A deep understanding and technical expertise of developing, embedding and maintaining risks, including data and third party risks and how these risks can be identified, assessed, monitored and controlled and mitigated where relevant.
• Ability to lead and promote a strong risk control culture and develops communication strategies to improve risk awareness.
• Significant experience of establishing and maintaining external relationships ideally with regulators.
• Proven ability to develop strong networks with key stakeholders at all points in a matrix structure, creating an ability to execute task at hand with minimum conflict.
• Leading a multi-locational team of professionals.
• Providing expert advice and robust challenge by delivering risk management policies and managing risks and controls. 

Skills:

• Ability to present complex technical concepts and results to non-technical audiences in a persuasive and compelling manner.
• Team-oriented mentality combined with ability to complete tasks independently to a high-quality standard.
• A change agent who challenges the status quo diplomatically, constructively and positively in order to lead relevant strategies that enable safe growth of HSBC.

Qualifications:

• Relevant data qualifications/certificates and/or experience.
• A BA or BS University Degree, advanced degrees preferable, (e.g. MBA, MSc, PhD)

Leadership Capabilities:

• Navigating: understand and translate strategy into own Function, aligning directions accordingly.
• Aspiring: be ambitious about providing the highest standards of delivery and embedding the culture in the business.
• Driving: set stretching goals for self and business delivering them with courage and tenacity.
• Mobilising: authentically engage with team, colleagues and business partners to deliver at pace.
• Sustaining: make considered decisions that protect and enhance HSBC values, reputation and business.

Your local internal application policy should be followed. For more information, you can visit HRDirect and search for content "HKG: Do I need any approval to look for internal career opportunities?". 

Opening up a world of opportunity 

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website. 

Issued by The Hongkong and Shanghai Banking Corporation Limited.