HSBC Group

CISO – Onboarding and Know Your Customer (OBKYC)/Customer Due Diligence (CDD) and Servicing - CIB

GCB 4

Some careers grow faster than others. 

If you’re looking for further opportunities to develop your career, take the next step in fulfilling your potential right here at HSBC.

The CISO – CIB Onboarding and Know Your Customer (OBKYC)/Customer Due Diligence (CDD) and Servicing is responsible for the execution and continuous improvement of a best-in-class, Cybersecurity capability across their Global Business/Global Infrastructure(s) (GBGIs) and any market jurisdictions, as assigned. The role involves translation of highly technical Cybersecurity concepts into consumable language, in order to drive continuous assessment of cybersecurity and information risk in light of established risk appetites and a constantly evolving cyber-threat landscape. The CISO – CIB Onboarding and Know Your Customer (OBKYC)/Customer Due Diligence (CDD) and Servicing will manage a team of staff which is commensurate with the nature of the assigned GBGI, including its size, scope, and jurisdictional exposure. The CISO – CIB Onboarding and Know Your Customer (OBKYC)/Customer Due Diligence (CDD) and Servicing reports into the CIB & Americas/Europe CISO who is responsible for circa 50 staff.

The role holder will:

• Possess an entrepreneurial approach solving complex information and cybersecurity challenges, strong visionary leadership and communication skills, coupled with deep domain knowledge of information and cybersecurity best practices, experience of embedding these within an organization, and be able to drive a security-first culture across all aspects of the assigned GBGI.

• Manage stakeholders including the GBGI CIO, GBGI/Entity Board(s), GBGI COO(s) and GBGI CEO(s) as well as with Cybersecurity Leadership and staff, and external bodies. These include key regulators which apply to the assigned GBGI and its associated jurisdiction(s).

• Ensure appropriate oversight mechanisms and high standards of internal control, to ensure the identification of emerging threats in the GBGI Cybersecurity landscape are in place.

Duties & Responsibilities:

• Provide GBGI ownership and implement Cybersecurity best practice, standards and governance frameworks, mapping and adjusting controls to the evolving Cyber threat landscape. The position enhances operational controls, ensuring appropriate tools, Cybersecurity frameworks are adopted, assigned to and owned by stakeholders across the assigned GBGI
• Act as a single point of contact for Cybersecurity risk reporting to relevant Board(s), Committees, and other governance forums, as appropriate
• Drive customer focus, leading a customer-centered culture, championing activities encouraging outstanding customer advocacy. Proactively seeks opportunities to maximise Cybersecurity strategy to improve GBGI operations
• Set the tone and direction of GBGI Information and Cybersecurity practices and assist with definition of global Cybersecurity standards across the entire HSBC Group to proactively increase Cybersecurity awareness, ownership and Cyber risk reduction
• Focus on GBGI First Line of Defence activities across Identify, Protect, Detect, and Respond pillars of the NIST Framework
• Ensure continuous assessment and improvement of the control environment relative to the evolving Cyber threat landscape
• Work with stakeholders in respective GBGI to support the resolution / remediation of security incidents

Drive continuous engagement with GBGI senior executive management (such as COOs and CEOs) to provide expert knowledge that influences how to best manage information and cybersecurity risk exposure within business risk appetite, which will impact on their wider organisations

Experience & Qualifications:

•    Graduation degree is REQUIRED– to secure a UAE Visa and Work Permit
•    Minimum bachelor’s degree and/or experience in IT security governance and operational processes, preferably in the Financial Services industry or global corporate service provider
•    Extensive Cybersecurity leadership experience within large, complex, multinational organisations, preferably in banking/financial services within the Middle East
•    Strong understanding of Middle East regulatory requirements (SAMA Cybersecurity Framework, NCA ECC, CBUAE Information Security Regulations, DFSA cyber rules)
•    Deep expertise in Cybersecurity frameworks (NIST, ISO 27001), incident response, risk management, and control design, one or more industry-recognized cybersecurity-related certifications required (as per Regional Regulatory Requirements) including ISO270001, CISA, CISM, CISSP, CRISC
•    Proven ability to engage with regional regulators and represent the organisation in inspections and regulatory discussions
•    Exceptional communication and influencing skills; able to translate complex cyber risks into business language for executives and boards
•    Demonstrated success in leading and developing diverse global teams across multiple jurisdictions.
•    Entrepreneurial and customer-centric mindset, capable of balancing business priorities with Cybersecurity resilience.
•    Nice to have: knowledge of FX and Asset Management business models.
•    Positive and professional attitude, team player, flexible and adaptable, open to change(s)
•    Confident and takes responsibility and ownership for work and personal development
•    Good spoken and written communication and ability to adapt style based on audience (Fluent in spoken / written English)
•    Ability to communicate technical subject matter to non-technical stakeholders
•    Previous experience of delivering an excellent customer service
•    Ability to quickly develop good working relationships with stakeholders
•    Ability and self-motivation to learn and pick things up quicklyGood spoken and written communication and ability to adapt style based on audience (Fluent in spoken / written English)
•    Ability to communicate technical subject matter to non-technical stakeholders
•    Previous experience of delivering an excellent customer service
•    Ability to quickly develop good working relationships with stakeholders
•    Ability and self-motivation to learn and pick things up quickly

For further details and application information please visit our careers site, searching under reference number.

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working, and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Issued by The Hong Kong and Shanghai Banking Corporation Limited