HSBC Group

Business: Cybersecurity

Open positions: 1
Recruiter Name :  Veronica Zhong

Why join us?

Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well-understood, and that controls used the manage such events are defined, assessed and implemented appropriately. Cybersecurity predominantly delivers this via objective, independent, professional and specialized subject matter experts. The role forms part of the 1LoD in relation to the risk management framework.

The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development (inc. DevSecOps), Threat and Controls Assessment (inc. threat modelling) and Third-Party Security Assessment. The function drives the identification, capture, assessment, testing/ verification and ultimately the remediation of security defects, gaps and vulnerabilities across HSBC’s estate in concert with business and technology teams – on-premise, within the Cloud and for those resulting from 3rd party engagements.

What you’ll do: 

You will be a key part of the CSAT Vulnerability Management Reporting Team, aligning into the Head of the team. The role holder will be tasked with designing, building, and maintaining Cybersecurity reporting capabilities, and will be responsible for providing data insights, thematic reporting on large datasets.

Key Responsibilities

DATA
•    Performing quantitative and observational data analysis.
•    Documenting development efforts as required by change management practices.
•    Providing insights into large datasets – validation, data quality and metrics.
•    Accurately completing MI and other business data requirements and presenting supporting statistics / reports / returns to business / management within agreed timescales. 

REPORTING
•    Providing detailed and accurate reporting of Vulnerability data to help drive and prioritise risk based remediation.
•    Producing routine operational reports by exporting data from existing sources (Databricks and SQL Server).
•    Reviewing automated reports for data variances and creating/ implementing action plans to resolve identified issues. 
•    Ensuring clear and concise senior management reporting.
•    Maintaining operational documentation on what reports are available and how to access and utilise existing filters.
•    Maintaining the documents associated with the Standard Operating Procedures (SOPs) for the creation, maintenance, and alteration of standard management reports. 
•    Continual improvement in the depth and breadth of reporting capabilities against the Vulnerability Management control to support improvements in the bank’s security posture.
•    Thematic analysis of trending and identifying opportunities for control improvements through changes to or additional key control or risk indicator metrics.
•    Reporting Cybersecurity Metrics at all levels of the organisation 
•    Providing executive dashboards and senior management and board level
•    Designing and producing of Key Control Indicators (KRIs / KCIs / RIs / KMIs), working together with Global Cybersecurity Control Owners
•    Sourcing and providing a consistent commentary with business focus, highlighting key Cybersecurity themes across the group, supporting the metrics
•    Designing, building, delivering, and maintaining multiple MI report products for key Cybersecurity stakeholders.
•    Building and maintaining Cybersecurity MI knowledgebase on key controls information, data documentation, business processes, and team expertise.
•    Working Closely with Cyber Sciences & Analytics team to progress dashboard development
•    Attending key management meetings to support discussions of the reports and underlying data.
•    Supporting the preparation of required governance and control meeting submissions for Vulnerability Management reporting, and/ or information requests from regulators/ Audit/ 2LoD.
•    Ad hoc tasks as required; including support to other operational and governance activities within CSAT.

Link to Candidate User Guide: 
https://hsbchrdirect.service-now.com/esc?id=kb_article&table=kb_knowledge&sysparm_article=KB0171506&sys_kb_id=9991a4861bc399d4517b10e3b24bcbc8

You’ll achieve more at HSBC

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.” 

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website. 

* The information contained in this job description is a true and accurate reflection of the job as specified.