Job description

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

We are currently seeking an experienced professional to join our team in the role of Vulnerability Assessments – Senior Consultant Specialist.

In this role, you will:

  • Lead the review of all newly discovered vulnerabilities, to assess whether the provided risk score correctly reflects the risk to HSBC.
  • Monitor external threat feeds to identify any newly reported external risks.
  • Manage the review of assigned tickets, determining potential false positives and/or mitigation approaches, and providing expert guidance and advice on remediation.
  • Ensure all patterns identified for remediation and/or false positive identification are clearly documented within the central tools and applied across the HSBC identified threat estate.
  • Identify critical paths of operation and ensure that they are followed to provide the most streamlined and efficient method of operating.
  • Lead and manage thematic reviews in order to drive and maintain systematic uplifts and enhancements to CSAT and wider inter-operational units that help protect the bank.
  • Maintain operational documentation on what reports are available and how to access and utilise existing filters.
  • Conduct holistic reviews of the overall baseline security posture.
  • Take clear accountability and ownership of the Vulnerability Assessment and Response key control indicators and key risk indicators.
  • Contribute to and inform requests from Regulators, Internal/External Audit, and 2LOD challenges/Papers.
  • Support the commentary for routine governance submissions, e.g. Cybersecurity Executive Committee Monthly Update, Risk Map, KCIs, KRIs.
  • Support Imminent threat review sessions, and deputise for the chair when required.
  • Engage with the Global Head of Vulnerability Management and relevant team members to review and gain approval for submissions, and ensure information requests are aligned with the group risk appetite, providing the expected responses.
  • Carry out ad hoc tasks as required, including support to CSAT operational activities, handling escalations and requests from any team or angle.

Requirements

To be successful in this role, you should meet the following requirements:

  • The ability to understand, apply, and improve elements of the Vulnerability Management Lifecycle.
  • The ability to use multiple toolsets to convey information, obtain data, and make it meaningful to future plans.
  • Lateral thinking and creative form to deploy expertise in the uplift of people skills, process identifications, and technological adjustments.
  • The ability to recognise threats and risk, and act with insight to deliver a core part of the Cyber Security Operational model in HSBC. Multiple functions will come together to ensure the safety of the bank and the ability to continue business under any circumstances.
  • Ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
  • Understanding and experience in the practical application and execution of:
    • Vulnerability scanning technologies and their application (e.g. Nessus, SAST/MAST/DAST (Checkmarx, Netsparker, Fortify, IBM AppScan, etc.)).
    • OWASP Top 10 and SANS Top 25 vulnerabilities and their mitigations.
    • Tenable.io, Security Center (or similar vulnerability scanning products), risk consolidation platforms.
    • Vulnerability assessments, scoring and ratings and how they are applied.
    • Patch Management.
    • Business and architectural design, including controls analysis, process flows and data flows.
    • Cyber security principles, global financial services business models, regional compliance regulations and laws.
    • Cryptography, SSL/TLS, Encryption.
    • MS Excel to interrogate large data sets.
    • SharePoint, Microsoft Teams and Confluence.
  • Excellent organisational, administrative, analytical, and problem-solving skills with the ability to work accurately and methodically whilst under pressure to meet deadlines.
  • Instinctive and creative, with an ability to create and contribute to bespoke solutions.
  • Flexible approach to shifting or competing priorities.
  • Process orientated, outstanding organizational skills.
  • Proven track record of delivering activities on time to a high standard.
  • High level of integrity and strong ethical values.
  • Pro-active, independent, collaborative team player with a positive attitude.
  • Strong interpersonal skills with the ability to create and maintain relationships - Internal relationships extend to peers across other functions within IT and externally to HSBC global businesses, which include external relationships with vendors, typically audit, legal, and technology where the need arises.
  • Experience of working in roles within Cyber Security Operations, Risk Management, and Governance, within a mid to large enterprise or equivalent organisation.
  • Minimum of 8+ years’ experience working in IT Security or a similar role.
  • Ability to work remotely.

You’ll achieve more when you join HSBC.

www.hsbc.com/careers 

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Issued by – HSBC Software Development India