HSBC Group

The Risk & Compliance function is a Second line of defence (LOD) function, responsible for reviewing and challenging the activities of the Group’s businesses (also referred to as “the First LOD”) to ensure that they effectively manage as “Risk Owners” the risks inherent in or arising from the conduct of their activities and for which they are responsible. The Second LOD consists of 'Risk Stewards' who are independent of the commercial risk-taking activities undertaken by the First LOD. The Risk & Compliance function is a Risk Steward for a number of non-financial risks in accordance with HSBC Group’s risk framework.

The role holder is also primarily responsible for ensuring that Taiwan adheres to standards for the management of operational risk as set out in the Regional framework for Enterprise Risk and Operational Risk Management, and that Resilience Risks are managed within appetite.

People responsibility: Y

Report to: CRO, Taiwan

• Oversight of Active Risk Management in the market based on the regional defined approach, supported by Subject Matter Experts and regional management.  This will cover acting as an effective risk steward across the resilience risk taxonomy and to apply risk stewardship review and challenge over Resilience Risk RCAs and control environment;
• Responsible providing advice and guidance as it relates to the Risk Management Framework (RMF), and provide timely escalation of potential breaches;
• Provide robust challenge and actionable, contextual guidance across all non-financial risks to ensure management of risk within appetite and enablement of business growth and to ensure that risk and control environment is commensurate with the scale and nature of operations. This may include reporting into and presenting in the Taiwan Risk Management Meeting;
• The role may interact with regulators and industry bodies related to Resilience Risk matters
• Ensure the integrity and timely completeness of risk and control identification, assessment and information within the Group’s Risk and Control system of record (Helios) as well as directing documented remediation plans for residual risks;
• Responsible for developing and promoting an increasingly insightful process based view of Enterprise Risk Management. Monitor internal and external risk trends and events, provide insights and learnings, and ensure that mitigating strategies and policies are developed;
• Attend Taiwan control meetings and non-financial risk governance forums, providing both Operational Risk oversight and robust and timely Risk Steward challenge of the First Line of Defence (1LOD) view of the resilience risk profile as required. Act as the chair of the Taiwan Operational Risk Control Management Meeting;
• Provide 2LOD oversight of top and emerging risks, ensuring Taiwan can mitigate these timely and cost effectively;
• Line manager of 1 FTE. Direct and support Taiwan on their Enterprise Risk Management and acts as a key contact and escalation for senior stakeholder engagement throughout Taiwan, making sure delivery is consistent and of high quality;
• In line with building a fungible Risk & Compliance team, other responsibilities and tasks may be required;

• Strong level of business knowledge, with relevant experience in at least one of the underlying resilience risk disciplines (eg. third party management, cybersecurity, data privacy);
• Knowledge of the external environment;
• Ability to communicate effectively, build strong relationships and influence key internal and external stakeholders - by articulating compelling arguments, positions, strategy and vision;
• Strong collaborative approach, including cross-team and cross-borders;
• A change agent who challenges the status quo as a robust diplomat; cogently, constructively and positively, leading relevant strategies that enable safe growth of HSBC;
• Curious and a self-motivated learned willing to understand more about the external and internal environment to find innovative approaches to manage risk;
• Competent English and Chinese (Mandarin) speaker, with ability to read and understand regulatory communications;
• Even if you feel you do not meet 100% of our qualifications, we encourage you to apply, if you believe this role is right for you.