Job description

Business: Global Risk COO Office

Open positions: 1

Role Title: AVP-BRCM- Global Risk- GSC’s

Global Career Band: 5

Location (Country / City): Bangalore, Gurugram, Hyderabad, Kolkata, Pune

Recruiter Name: Geetika Gupta

The Opportunity:

Role Purpose

  • The Global Risk and Compliance Business Information Risk and Third Party Risk Control Officer's main areas of responsibility include providing BIRO support to the GBIRO for HBEU / MENAT and the Global Support Centres (GSCs), including key BIRO initiatives, plus Third Party Risk support activities under the Global Third Party Risk Officer (GTPRO). These include but are not limited to:
  • Managing Information Security and Cyber Risks along with overseeing the management of the appropriate Information Security and Cyber Risk framework, policies, processes and projects collectively to ensure that proportionate and effective information security and cyber controls are established and maintained across the Risk function.
  • Acting within the First Line of Defence (1LOD) and working closely with the Global Risk Lead Business Information Risk Officer (GLBIRO) and Regional Business Information Risk Officers (RBIROs) to support and provide the appropriate governance and oversight of key controls, metrics and management information (MI).
  • Ensure the application of, and adherence to, the Group Third Party Risk Framework by working closely with the Global Third Party Risk Officer (GTRO) and Regional Third Party Risk Officers (RTRO) to ensure the appropriate execution of operational risk/control management activities as defined in the Framework.

Governance and Committee Memberships

  • Risk Management Meeting, Regional Risk and Compliance monthly BIRO & TPRO forum.

What you’ll do:

Principal Accountabilities and Responsibilities

Impact on the Business/Function

  • Actively engage with all key stakeholders who are involved in the management of Information Security and Cyber risk / Third Party Risk ensuring that there is sufficient oversight of the impacts to Global Risk function
  • Work closely with key stakeholders to ensure the integration of Information Security and Cyber risk and/or control management, and drive the embedding of framework activities within the Global Risk Function
  • Work closely with key stakeholders to ensure the integration of Third-Party Risk and/or control management, and drive the embedding of framework activities within the Global Risk Function
  • Undertake Information Security and Cyber Risk / Third Party Risk consultation – this is undertaken on both an ad hoc and organized basis and is vital for ensuring that the risk and controls are appropriate to the Function and any risks identified by the Functions can be considered in the broader regional/global context. 
  • Provide support on the application of Information Security and Cyber risk policies and standards and how the application of these policies and standards drives compliance within the Global Risk Function, and where applicable enable solutions and recommendations, including (but not limited to):
      • Training and Awareness
      • End User Information and cyber security
      • Third Party Controls
      • Physical Information and cyber security
      • Data Leakage Prevention
      • Information and Cybersecurity risk identification & management
      • Access Management
  • Provide support on the application of the Third-Party risk policies and standards and how the application of these policies and standards drives compliance within the Global Risk Function, and where applicable enable solutions and recommendations
  • Understand and advise on the Information Security and Cyber risks and Third-Party Risk Framework in relation to the Risk and Control Assessment (RCA) process. Support the Global Risk Function with subject matter expert input into their risk assessments and risk-based control monitoring.
  • Ensure governance processes and decisions are applied consistently.
  • Ensure key risk and control metrics are appropriately captured, challenged and reported to management
  • Support the ability to demonstrate risk reduction through alignment to risk appetite, taking a risk-based approach and methodology and driving effective control environments through collaboration with 1LOD teams.

Customers / Stakeholders

The Business Information Risk and Third-Party Risk Control Officer will be expected to:

  • Autonomously identify and manage Information Security and Cyber risks / Third Party Risks that are specific to global risk functions in conjunction with direction from the Global Lead BIRO / GTPRO ensuring remediation plans or processes are in place for gaps / breaches / non-compliance
  • Continuously and proactively monitor established Information Security and Cyber risks / Third Party Risks in conjunction with direction from the Global Lead BIRO and GTPRO
  • Participate in all relevant conferences and meetings
  • Oversee and participate in the implementation of all relevant projects/initiatives emanating from the Global business structure
  • Clear understanding of the vendor risk management processes related to Third Party Risk Management
  • Share best practices across the global business / functions and within area/region/globally (as applicable)

Leadership & Teamwork

  • Have regular briefings and updates with key stakeholders and ensure the appropriate communication is fed up via the appropriate channels

Major Challenges

  • Ability to initiate and roll out new processes on a global basis
  • Ability to stand back and assess, monitor, report, and mitigate the ISR risks from developing matters.
  • Navigation/co-ordination skills to ensure all relevant data is received and processed quickly and accurately.
  • Working with a “virtual” team distributed globally

Role Context

  • Interface directly with the appropriate Senior Management within Risk as required

Management of Risk

  • The jobholder will also continually reassess the operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
  • This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring.
  • Also by addressing any areas of concern in conjunction with line management and/or the appropriate department.

Observation of Internal Controls

  • The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.

Requirements

What you will need to succeed in the role:

Knowledge & Experience / Qualifications

  • Background in risk management and / or internal audit; Audit, Risk or Compliance professional designation preferred
  • Experience of matrix management across complex environments
  • Knowledge of Information Security and Cyber Risk trends and best practice (e.g. GASSP, ISO27001)
  • Ability to influence Senior Leaders across multiple business lines
  • Ability to drive Operational Risk within the 1st line of defence and obtain appropriate management buy-in
  • A detailed understanding of HSBC and Group requirements as detailed in Group Standard Manuals, Functional Instruction Manuals and local standards and how it works
  • Expert-level and extensive Operational Risk and Internal Audit knowledge to face off appropriately to the different risk managers in the Group and also external parties
  • Significant experience of implementing control frameworks within Risk Functions
  • Experience of implementing global control frameworks within complex environments
  • Demonstrable experience of managing operational risk within appetite during operational change and reorganisation

Link to Candidate User Guide:

https://hsbchrdirect.service-now.com/nav_to.do?uri=%2Fhrsp%3Fid%3Dkb_article_preview%26sys_id%3D0c6b11641b6a9810cec0553a2d4bcb2a

 (Or)

Go to the below link and type “IND GSC : IJP Applicant User Guide” in search bar. https://hsbchrdirect.service-now.com/hrsp?id=hrdirect_employee_dashboard

You’ll achieve more at HSBC

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working, and opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc. We consider all applications based on merit and suitability to the role.

 

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

***Issued By HSBC Electronic Data Processing (India) Private LTD***

Recruiter Name
Geetika Gupta
Recruiter Email
geetika.gupta@hsbc.co.in