Job description
If you’re looking for a career where you can make a real impression, join Global Service Center (GSC) HSBC and discover how valued you’ll be. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.
We are currently seeking an experienced professional to join our team in the role Threat and Controls Consultant Specialist
Role Purpose:
The Threat and Controls Assessment Specialist role will work as part of the global team to perform Threat Modelling on complex HSBC services and provide Consultancy for early project engagements.
This is a senior role reporting into the Threats and Controls Assessment Regional Lead, closely collaborating with peers across Penetration Testing; Secure Development, Third Party Security Assessment and Cybersecurity business and regional leads, enabling effective end-to-end vulnerability identification.
Main Activities:
- Perform effective threat and control assessments for complex services and platforms across the HSBC estate. This will include cloud platform reviews for AWS and Azure or GCP
- Liaise with Developers, Architects and other Technical Leads to understand the end-to-end service and identify where there is any control gaps.
- Provide technical security advice and guidance via the Cybersecurity Consultancy service.
- Work with the CSAT management team to enhance the Threats and Controls Assessment Service.
- Stay up to date within the industry of new trends and best practices.
- Provide supervision, guidance, and mentor less experienced members of the global team.
- Act as a point of contact and source of advice on issues relating to Cybersecurity within the team
Requirements
- 8 years of experience in Threat Modelling
- English Advanced
- Knowledge and exposure of Risk and Control Management
- Ability to understand and assess both threats, controls and vulnerabilities, articulating these to both technical and business stakeholders.
- Knowledge of different frameworks and methodologies including Threat Modelling using STRIDE and the MITRE ATT&CK Framework.
- Desirable to have one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM or Cloud Security Certifications
Strong Technical background
- Expert hands on knowledge in one or more of the main Cloud Service Providers – Azure, AWS or GCP
- Proven experience in general security concepts and principles and application specific security concepts and principles.
- Proven experience working in a large scale, multi-national and technologically diverse environment
- Hands on experience with threat modelling and strong technical understanding and experience of assessing vulnerabilities and identifying weaknesses in diverse enterprise IT assets
- Strong understanding of applications design and architecture
- Strong understanding of Software Development Life Cycle (SDLC) with a focus on security
- Knowledge and experience with network, host and application security practices
- Understanding of emerging technologies and corresponding security threats
Due to the urgent hiring need, candidates with immediate right to work locally and no relocation need will be prioritised.
At HSBC we offer our colleagues a greater number of leave days so that they can fully enjoy their wedding, take care of the new member of the family, or grieve the loss of a family member. Our paid leave package is at the forefront in Mexico, now you have one more reason to be HSBC and proudly live a culture of well-being, balance and care.
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
***Issued By HSBC Electronic Data Process Mexico Private LTD***