Job description
Some careers have more impact than others.
If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.
We are currently seeking an experienced professional to join our team in the role of Lead Cybersecurity Analyst.
Business: Cybersecurity
Principal responsibilities
Customers / Stakeholders
• Report progress and identify and raise any issues/risks, escalating as appropriate to enable satisfactory resolution.
• Build trusting relationships with stakeholders by consistently meeting and delivering upon their business needs; demonstrating and being respected for your domain knowledge.
• Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets. Those stakeholders include:
a. Supplier management analysts
b. Project managers from IT or the business
c. Management of Crypto Operation and Cybersecurity
Leadership & Teamwork
• As part of a global team, support peers around the world who deliver and maintain the bank’s cryptographic technology and the projects consuming the services by understanding their needs and delivering to them.
• Ensuring that work happens according to schedule and with minimal deviation from process.
• Ensuring that best practices are implemented and help the organization meet its own and external standards.
• Develop and contribute to crypto knowledge objects, procedures, and standard review.
Operational Effectiveness & Control:
• Act transparently in line with all appropriate standards.
• Ensure that the appropriate internal and external standards are complied with and that the risk of cryptographic compromise is always minimized.
• Liaise with the cryptography team’s internal control function.
• Design, implement and maintain internal controls regarding crypto infrastructure and key management.
• Plan and execute on project to improve the operational effectiveness and sustainability via automation and tooling.
• Ensure crypto related inventory controls (Safe, Key and HSM) are maintained.
• Plan and perform oversight review using the Internal Change Review Process, perform crypto assessments, review crypto related control process and procedures in accordance to global crypto standards.
Management of Risk (Operational Risk / FIM requirements)
• The jobholder will ensure the fair treatment of our customers is at the heart of everything we do, both personally and as an organization.
• This will be achieved by consistently displaying the behaviors that form part of the HSBC Values and culture and adhering to HSBC risk policies and procedures, including notification and escalation of any concerns and taking required action in relation to points raised by audit and/or external regulators.
• The jobholder is responsible for managing and mitigating operational risks in their day-to-day operations. In executing these responsibilities, the Group has adopted risk management and internal control structure referred to as the ‘Three Lines of Defense’. The jobholder should ensure they understand their position within the Three Lines of Defense, and act accordingly in line with operational risk policy, escalating in a timely manner where they are unsure of actions required.
• Through the implementation the Global AML, Sanctions and ABC Policies, supporting Guidance, and Line of Business Procedures the jobholder will make informed decisions in accordance with the core principles of HSBC's Financial Crime Risk Appetite.
• The following statement is only for roles with core responsibilities in Operational Risk Management (Risk Owner, Control Owner, Risk Steward, BRCM, and Operational Risk Function.
• The jobholder has responsibility for overseeing and ensuring that Operational risks are managed in accordance with the Group Standards Manual, Risk FIM, & relevant guidelines & standards.
• The jobholder should comply with the detailed expectations and responsibilities for their core role in operational risk management through ensuring all actions take account of operational risks, and through using the Operational Risk Management Framework appropriately to manage those risks.
This will be achieved by:
• Continuously reassessing risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
• Ensuring all actions take account of the likelihood of operational risk occurring, addressing areas of concern in conjunction with Risk and relevant line colleagues, and also by ensuring that actions resulting from points raised by internal or external audits, and external regulators, are correctly implemented in a timely fashion.
Observation of Internal Controls
• The jobholder will adhere to, and be able to demonstrate adherence to, internal controls and will implement the Group compliance policy by adhering to all relevant processes/procedures.
• The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.
Able to align with existing ITIL process i.e.: Change Management, Incident Management, Release Management, Knowledge Management
Requirements
Knowledge & Experience / Qualifications
• Proven management of Information Technology, Cybersecurity and/or Cryptography technology.
• Proven ability to manage and deliver tasks and initiatives independently following DevOps of similar practices.
• Ability to communicate and collaborate with colleagues, stakeholder and 3rd parties locally and around the world. Proven business level proficiency in English and Mandarin, Cantonese would be a plus.
• Ability to lead and sustain changes to ensure lasting benefits.
• Ability to prioritize, report and resolve complex technical and business issue.
• Minimum 5 year of IT system management or project experience with emphasis in cryptography related technology such as hardware security modules, software encryption and key management solution. To ensure a successful career, the following IT experience combination are highly desired:
1. Hands on experience in development or deployment of cryptographic solutions.
2. Manage a sustain operation of on-premises IT assets
3. Design and implement IT solutions to ensure data security
4. Working knowledge in Unix/Linux and basic knowledge of networking
• Minimum 5 years of professional working experience in financial services industry, large corporations, technology vendors or international professional service firms.
• Ability to work off hours (Especially in weekends)
• Ability to commute to and from office and data centers.
HSBCVZ/GZ*
About HSBC Technology China
We develop, implement and support software and IT services and processes that allow HSBC to remain at the forefront of high-quality banking systems.
Candidate with less relevant experience or skills may be offered a lower Global Career Band than stated above.
(Due to the urgent hiring need, candidates with immediate right to work locally and no relocation need will be prioritised.)
You’ll achieve more when you join HSBC.
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.”
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.