Some careers have more impact than others.
If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.
HSBC is one of the largest banking and financial services organizations in the world, with operations in 62 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realize their ambitions.
We are currently seeking an experienced professional to join our team in the role of Assistant Vice President, Non-Financial Risk Specialist.
Principal responsibilities
- Be responsible for providing cyber and information security risk management input to the business in support of their overall operational risk management activities, working alongside the onshore BIRO (Business Information Risk Officer), business management and control officers to articulate and understand these risks and ensuring that they are appropriately reflected in business Risk Control Assessment (RCA) – driving related RCA activities as required.
- Assist the Global MSS (Market Security Services) Businesses in the identification, documentation and resolution of information security and cyber risk issues (liaising with relevant functions, e.g. Cybersecurity, where required) as guided by lead / onshore BIRO.
- Provide timely guidance to business on queries relating to information security, leveraging strong knowledge of Bank policies, industry good practice and requirements of NFR (Non-Financial Risk) management process to drive de-risking of Business processes. This includes review of any exceptional access requests to ensure exceptional access is only granted where required and with appropriate mitigating controls.
- Support the business and onshore BIROs in ensuring that technology, cyber and information security risks in the RCAs are adequately assessed and documented, with gaps identified and appropriate remedial actions agreed. Support the business in developing and executing appropriate monitoring plans for these risks.
- Support the business in ensuring that information security related incidents are appropriately triaged and managed, including following up with respective parties to ensure remedial actions are undertaken.
- Provide SME (Subject Matter Expert) input into risk reduction initiatives and support BIRO delivery of these initiatives by supporting programme management, reporting & governance activities for initiatives. Support the business by ensuring business owned risk reduction activities are robust and sustainable.
- Meet expectations of business partners and London Control Office.
- Develop relationships with Resilience Risk and other 2LOD (Line of Defense) functions as required, ensuring 2LOD observations are understood and, where required, remediation plans are in place and remediation is appropriately tracked and reported.
- Be responsible for providing Business and MSS CCO (Chief Control Office) management with a view of their information risk landscape through appropriate assessment of technology, information security and cyber issues across the front-to-back businesses, reviewing the external risk landscape, available metrics and providing timely updates, and for re-visiting these assessments periodically to ensure ongoing relevance.
- Be responsible for undertaking deep dives of cyber and information technology issues, as directed by the Chief Control Officer and Lead BIRO, recommending and delivering practical remediation activities.
- Minimum 5 years’ experience in the information risk / information security space, preferably in financial services.
- 5+ years of risk & control experience – e.g. 2LOD / 1LOD (Line of Defense) operational risk, information security risk, audit with a focus on information security / information risk.
- Performance of risk and controls assessments related to information technology and information security.
- Information Security certifications, e.g. CISA, CISM, CRISC etc., will be an advantage.
- Strong understanding of information security, technology & cyber risks and potential mitigating actions, industry / good practices and related risk/control frameworks
- Good understanding of technology and information security risk/control disciplines
- Excellent written communication, research and analytical skills
- Proficient in MS Office (incl. Excel & PowerPoint)
- Ability to work under pressure and within tight timelines. Excellent time management and prioritization of work tasks. Manage urgent ad-hoc requests from London Control Office / business.
- Ability to support decisions with sound reasoning.
- Ability to make accurate judgment calls on the nature of alerts in a short time period (i.e. deciding quickly and reliably what requires escalation).
You’ll achieve more at HSBC
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc. We consider all applications based on merit and suitability to the role.
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
***Issued By HSBC Electronic Data Processing (India) Private LTD***