Job description

Some careers open more doors than others. 

If you’re looking for a career that will unlock new opportunities, join HSBC and experience the possibilities. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. 

Principal Responsibilities

This role is responsible for stewardship of the Data, Technology and Cyber Security Resilience Risks, as well as providing oversight of the Data Privacy Office capability. The role holder is also the nodal officer for the central banking regulator, the RBI, for all IT and cyber risks, and is the designated CISO for the bank.

CISO

  • Responsible for bringing to the notice of the Exco / IT sub-committee of the Exco the vulnerabilities and cyber security risks to which the bank is exposed.
  • Member secretary of the information security and related committee(s), if any, ensuring that current and emerging cyber threats to the banking (including payment systems) sector, and the bank's preparedness in these aspects, are invariably discussed in such committee(s).
  • Manage and monitor the SOC and drive cyber security related projects in collaboration with the CIO/CTO.
  • Coordinate the activities of the Cyber Security Incident Response Teams (CSIRT).
  • Develop cyber security KRIs and KPIs and obtain an independent assessment of them, including their coverage, at least quarterly.
  • Maintain a robust working relationship with the CRO to enable a holistic risk management approach; to this effect, the CRO may be invited to information security committee meetings, and the CISO may be a member of (or invited to) committees on operational risk where IT/IS risk is also discussed.
  • Ensure the CISO's office is adequately staffed with technically competent people, if necessary through recruitment of specialist officers, commensurate with the business volume, extent of technology adoption and complexity.
  • Invitee to the IT strategy committee and IT steering committee.

Data Privacy and data risk

  • Responsible for ensuring the bank meets its obligations under data protection and privacy laws; providing expert advice, guidance and direction; and supporting the necessary standards and controls to enable the Bank, including its employees and relevant third parties, to manage privacy risks and comply with obligations under data protection laws in relation to the processing of personal data. Establishing a culture of privacy within HSBC, working collaboratively with key senior stakeholders across the business, and being accountable for keeping executives apprised of privacy risks and issues.
  • Informing and advising the business and its employees of their data privacy and protection compliance obligations
  • Providing expert guidance, oversight and challenge on all aspects of data protection and privacy risk strategy and compliance, focusing efforts on areas that present higher data privacy risks
  • Monitoring compliance with data privacy provisions and with HSBC Group policies relating to the protection of personal data, including the assignment of responsibilities, staff education and awareness training, and ensuring remediation of any related audit findings
  • Reviewing and advising on Data Protection Impact Assessments (DPIAs) and monitoring performance of mitigations, where necessary
  • Cooperating with the regulatory authority
  • Acting as the contact point, internally and externally, for data subjects and the regulatory authority
  • Advising and supporting the business to ensure the necessary safeguards and controls are in place for compliance with requirements for international data transfers, by identifying all circumstances in which personal data is transferred outside of the relevant jurisdiction; and
  • Providing incident management advice and/or support as needed, and ensuring that data incidents and breaches are responded to and managed effectively with data subjects and that the relevant authorities are informed within the necessary timeframes.

Resilience Risk (RR) Specialists

  • Provide expert advice covering the specific RR risk lens to ensure high quality advice, expertise and guidance is available across the responsible risk types: Technology (including Cyber Security) Risk; Data and Information Security Risk. RR Specialists operate on an entity-wide basis and must work closely with the ERM Business and Functions aligned roles to support them by providing RR technical advice and guidance for their consumption and use in delivering their respective relationship management remits. Given the broad scope of the RR risk types, in-country RR specialists will also operate within a regional RR specialist community, which will operate in each region.
  • Provide technical advice and support to INM ERM Business and Functions teams and ensure they understand and are aware of the control environment and assessment of risk within the country commensurate with the scale and nature of operations.
  • Support the ERM, Business & Functions teams to explain in non-technical terms the impact of issues or events, and top and emerging risks that may require changes (for example, to controls, resources or business operations) to remain within respective Risk Appetite. Support the ERM Business & Functions teams to ensure Risk and Control Owners have clear understanding of the effectiveness of the current control environment.
  • Monitor the local external environment to get early sight of emerging risks and provide detailed guidance on controls required to mitigate against them. Build and maintain relevant cross-organisation and industry relationships.
  • Deliver tailored and specific expertise across INM enabling 1LOD to successfully deploy and operate mitigating key controls.
  • Provide technical guidance to support development and completion of Enterprise Risk and Regulatory reporting obligations (e.g. RAS, Top & Emerging Risks, Risk Profile Reporting, RMM, Board reporting where relevant, etc.)
  • Ensure the root cause of relevant local operational risk issues and events are fully understood and correctly treated.
  • Ensure any concerns with key controls and material change programmes, relevant to their area of RR specialism, are understood and escalated (i.e. within country, to region and/or global peers) as needed.
  • Work in conjunction with the ERM Business & Functions team and 1LOD to escalate any matters within the RR classes when needed.
  • Lead INM regulator and audit engagement pertaining to RR risk types; ensure regulatory compliance for the specialist area(s) and timely completion of audit actions and findings.
  • Support ERM Business & Functions team in the development and implementation of localised Non-Financial Risk framework activity as required (e.g. Locally Significant Risks) or to meet local regulatory expectations.
  • Support training and capability uplift for the ORR Business & Functions team and for the wider HSBC community to ensure a robust understanding of all RR risk areas
  • Support the region/ global RR Specialist teams to leverage niche expertise and knowledge as required
  • Additional specific Country responsibilities may be added to this role profile at the direction of the CRO and the country reporting line.

Emerging Risks & Change Oversight

  • Ensuring critical issues, events and incidents both in key controls and material change programmes are managed and understood by and escalated to appropriate governance forums for appropriate and timely resolution
  • Educating stakeholders to understand the impact of emerging risks that require changes to controls, resources and business operations to ensure they remain within appetite
  • Ensuring that Data, Technology and Cyber/Digital related initiatives are not adversely affected as a result of poor planning, testing and approach during the delivery of significant change

Conduct Impacts

  • Overseeing, escalating and providing guidance on the identification of conduct impacts across Data, Technology and Cyber Security risks and activities owned by the 1LOD, including where control weaknesses and risk events impact the delivery of good outcomes

Requirements
  • Strong leader with the ability to influence at the senior levels of the organisation
  • Strong level of Data, Technology and Cyber Security risk management knowledge and relevant deep experience
  • Strong level of business knowledge and experience of working in the key resilience risk specialist areas 
  • Ability to communicate effectively, build strong relationships and influence senior internal and external stakeholders
  • Comprehensive knowledge of the external environment (threat, regulatory, geopolitical, competitor, technological landscapes)
  • Comprehensive knowledge of the internal control environment
  • MBA / FRM / CA or equivalent, with at least 10 years of post-qualification work experience in a related industry / field, plus a professional certificate in one or more RR specialist disciplines, will be an advantage
  • Professional qualifications in the area of Cybersecurity, Information Systems Audit or an equivalent qualification from a recognised professional body may be advantageous

You’ll achieve more at HSBC.

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Issued by The Hongkong and Shanghai Banking Corporation Limited, India