Job description
Business: Cybersecurity
Open Positions: 1
Recruiter Name: Veronica Zhong
Why join us?
Technology teams in the UK work closely with our global businesses to help design and build digital services that allow our millions of customers around the world, to bank quickly, simply and securely. They also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.
Our multi-disciplined teams include: DevOps engineers, IT architects, front and back-end developers, infrastructure specialists, cyber experts, as well as project and programme managers.
Cybersecurity is responsible for fielding solutions that help defend HSBC against a wide range of threats to the business as well as its customers, clients, partners, and staff. The team works in concert, with partner teams across HSBC, to implement novel defensive capabilities that are effective and adaptable against a constantly evolving threat landscape. The function operates under the vision: “Enabling HSBC to be safely successful everywhere the Firm chooses to do business.
Global Defense – Cybersecurity Engineering and Operations is comprised of several inter-joined teams: Technical Directors Office (TDO), Site Reliability Engineering (SRE), Global Defense Governance & Delivery (GDD), Global Cybersecurity Operations (GCO) and Cybersecurity Intelligence & Threat Analysis (CITA). Together, the function enables an adaptive and constantly evolving capacity to address risks borne through an ever-shifting threat landscape. The function serves as an engine for innovation and problem solving with partner teams across the Firm who share a common imperative to be the best for our customers and drive the Global HSBC Purpose of “Opening up a world of opportunity.”
The Opportunity:
A move across the business allows you to continue to access tailored professional development opportunities, and our fantastic benefits packages. The role will be based in Guangzhou but some travel may be required to Krakow. This role supports Hybrid working.
We believe that being open to a range of perspectives and cultures is vital for our business. We work hard to ensure our diverse and inclusive workplace reflects the communities we serve. We want everyone to achieve their potential – regardless of their gender, ethnicity, disability, religion, sexual orientation or age. If you have a different way of seeing the world, we are interested in hearing from you.
HSBC is committed to being an inclusive employer and providing an inclusive and accessible recruitment process for all. We will provide reasonable adjustments to remove any disadvantage to you being considered for this role. We are proud members of the Disability Confident Scheme and will offer an interview to disabled candidates who meet the minimum criteria for the role.
What you’ll do:
The Control Owner for the Cryptography (CRYP) control is accountable for but not limited to the following:
· Providing the first line of defense (1LOD) for the organization for all matters relating to Cryptography controls. Drive implementation of controls to protect the groups key data.
· Risk Management: Maintaining the accuracy and alignment of the CRYP control to the banks Risk Control framework.
· Controls Governance: Control Design and Continuous Control Monitoring - MPs/OIs enhancements, Control effectiveness rationale. Managing, reporting, and improving performance metrics (KCIs).
· Compliance: Ensure Cryptography controls align with relevant regulations, standards, and industry best practices, and support compliance efforts. Maintain internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
· Stakeholder Management: 2LoD/3LoD engagement - Responding to informal control queries and formal review and challenges and observations. Collaborate with senior stakeholders to facilitate understanding and alignment of CRYP control objectives, including business units, audit and regulators. Providing specialist knowledge and timely feedback, working in partnership with those stakeholders.
· Cross Controls Collaboration: Foster a community of collaboration/knowledge sharing across all Control Owners in Global Defense - understanding the implication a change in one control area has on other control areas. Building and maintaining constructive working relationships with a diverse community of technical and non-technical audiences.
· Training and Awareness: Develop and deliver training and awareness programs to educate stakeholders and communities within Cyber about the Cryptography control strategy.
Organizational reporting: The role will report functionally and organizationally into the Cybersecurity and Technology Engineering Head of Controls with a dotted line into the Capability Owners area.
Requirements
What you will need to succeed in the role:
To be successful in this role you should meet the following requirements:
· Technical Background: We are looking for someone who brings a deep understanding of technology (preferably in the Cryptography area) or who is willing to build up knowledge quick.
· Communication skills: Communication is key in that role. The CRYP Control Owner must be able to communicate complex technical information to non-technical stakeholders and explain Cryptography control policies and procedures in a clear and concise manner. The control owner must be able to communicate to stakeholders on senior level, addressing challenges and feedback.
· Collaboration skills: The CRYP Control Owner must be able to work effectively with cross-functional teams, including Cybersecurity and business units to ensure that Cryptography control strategies align with organizational goals and requirements. It is key that the Control Owner stays on top of developments in other controls areas.
· Stakeholder management skills: The CRYP Control Owner must be able to manage relationships with stakeholders, including business units and audit/regulatory bodies, to ensure that Cryptography control strategies are well received and adopted.
· Problem-solving skills: The CRYP Control Owner must be able to identify and remediate challenges in (governance) processes and must be able to get technical consultancy from the Cryptography Capability Lead to respond to issues.
HSBCVZ/GZ*
About HSBC Technology China
We develop, implement and support software and IT services and processes that allow HSBC to remain at the forefront of high-quality banking systems.
Candidate with less relevant experience or skills may be offered a lower Global Career Band than stated above.
(Due to the urgent hiring need, candidates with immediate right to work locally and no relocation need will be prioritised.)
You’ll achieve more when you join HSBC.
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.”
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
Nom du recruteur
Xiao Yu Zhong
E-mail du recruteur
veronica.x.y.zhong@hsbc.com.cn