HSBC Group

GCB 5

Some careers have more impact than others.

If you’re looking for a role where you can continue to make an impression, take the next step at HSBC where your contributions will always be valued.

Wealth and Personal Banking (WPB) Hong Kong helps deliver on HSBC’s purpose of opening up a world of opportunity by providing our customers with borderless banking and world-class wealth management through best-in-class, mobile-first capabilities, and exceptional people. Our international network and breadth of expertise enable us to support individuals, families, business owners, investors, and entrepreneurs. We have four key business areas responsible for efficiently bringing the best of HSBC to our clients through a broad and relevant suite of wealth and retail banking capabilities: Asset Management, Global Private Banking & Wealth, HSBC Life, Retail Banking & Strategy and COO & Digital Transformation.

We are currently seeking a high calibre professional to join our team as a Digital Business Risk and Control Manager.

Principal Responsibilities

In this role you will

• Risk Identification – Monitor, guide and/or challenge the non-financial risk management impact from PayMe’s strategic initiatives and change programmes, ensuring risks are identified, quantified and appropriate mitigation undertaken. Assist the relevant PayMe business teams monitor against risk appetite and manage the impact arising from any breaches, including PTG remediation

• Trusted Advisor – Provide early risk and controls consultancy, advice, credible challenge and guidance to PayMe business teams on blue sky product development, and on any new or changing distribution channels, processes, third parties and people.  Above all, ensure that all risks arising from PayMe’s change initiatives are appropriately managed

• Control Effectiveness & Risk Governance  – At all times understand the health of PayMe’s key controls and ensure the business control owners have adequate control monitoring plans in place.  Ensure that (holistically) 1LOD management is adequately adopting HSBC FIM, Policy and Procedural standards, and where purposefully not, ensure dispensations, deviations and/or variances are received. Deliver insightful and evidence based risk position and/or acceptance papers, pertaining to PayMe’s risks and/or PayMe CCO regulatory activities, to PayMe’s applicable governance committees, and by request of, or escalation to, the line of business and country risk management forums.  Ensure that relevant KRI/KCI reporting is complete, accurate and is timely provided to the relevant stakeholders and governance committees

• Internal Event / Issue and Action Management – Partner with PayMe business and IT teams to provide clear guidance and advice when internal events materialize.  This includes ensuring appropriate root cause analysis is performed, escalations are made according to policy, remediation plans create effectively designed and sustainable solutions, and remediation activities are tracked to completion

• Non-Financial Risk Management Embedding Activities – Responsible for promoting and supporting all PayMe CCO related non-financial risk management embedding activities including monitoring and oversight of all PayMe internal events, issues, actions (remediation) and control effectiveness (including continuous monitoring and key indicators), ensuring Business Service Owners can comply with their monitoring obligations, ensuring risk governance structures remain effective, be alert to the identification of emerging risks, collaborating with WPB on the PayMe impact from risk taxonomy and control library changes, be a key gatekeeper of the PayMe CCO’s Confluence pages and records management, and provide specialist NFR training where applicable. This may also include creating and performing appropriate levels of data analytics to support root cause and/or risk positions/analysis

• Regulatory Activities – Responsible for the timely completion of PayMe CCO related regulatory activities including identifying, assessing, coordinating and overseeing the implementation of PayMe regulatory change, risk and control oversight of all PayMe recurring and ad hoc regulatory reporting and the performance of PayMe CCO assigned SVF regulatory obligations (e.g. annual SVF compliance assessment and OTP effectiveness testing).  This may also include providing assurance to PayMe management that HKMA SVF regulatory requirements, expected controls, processes and projects have been implemented and to ensure that proportionate and effective monitoring and oversight is established and maintained

• Collaboration – Active collaboration and partnership with other PayMe Digital and/or Financial Crime Risk Managers, AMH WPB CCO functional teams (in particular Risk & Control, Business Financial Crime, Data Office and Business Regulatory Compliance), Digital Business Services (DBS) IT Risk Management and all applicable 2LOD risk stewards

• Regulatory Change & Assurance Review Support – Provide and apply expert guidance to PayMe business teams and (where applicable) WPB CCO and DBS teams on complying with the latest HKMA SVF specific guidelines, practice notes, position papers and/or other relevant interpretations. Support PayMe management in their obligations to first, second and third line assurance reviews, external audits and any applicable Regulator inspections

To be successful you will need

• Work Experience – Solid years’ relevant experience is expected, preferably within a role where PayMe can leverage core transferrable skills and knowledge (particularly digital wallets, mobile payments, or wider fintech/digital related) but also gain from the diversity of thought and experience.  For example, one or a combination of Risk Management, Risk Consultancy, Process Engineering/Improvement, Internal Audit, Internal Control and/or CCO type roles such as BRCM, BFCR, CITRO etc.  Candidates with less experience in the above types of roles but with greater applicable digital wallet, mobile payments or fintech related business/technical acumen will also be considered (e.g., from a Business Strategy, Product Management or Business Transformation type roles)

• Subject Matter Experience – Relevant experience or exposure to several different non-financial risks (e.g., financial crime, fraud, third party, data privacy, data management, regulatory compliance, change management or information security), and their management, including an understanding of the related Regulatory and industry best practices is required.  A fluid understanding of risk management principles in a business context (ideally digital wallets) is also required. This includes experience with policy interpretation, control identification and design, procedural writing, control monitoring, incident management and proactive remediation

• Soft Skills – Persistent, resilient, flexible and resourceful. Must be a good communicator, across all levels of management and comfortable operating in an agile, complex and dynamic working environment.  A hands on and can do attitude, a team player and the ability to balance working independently with limited supervision, or together as a team (physically or virtually) are all highly important

• Analysis and Reporting – Experience in preparing highly professional reports, papers and/or other applicable presentation decks to Senior Management and governance committees, within tight delivery timeframes, is considered advantageous

• HSBC Policy – At a minimum, working knowledge of a number of HSBC’s Non-Financial Risk Framework, WPB’s Product Risk Management and Governance Policies, Global Financial Crime Policies, WPB’s Fraud Risk Management Framework, Global Third Party Risk Management Framework, Global Business Service Owner Framework and HSBC’s Scaled Agile Framework are all expected

• HSBC Collaboration Tools – Familiarity with SharePoint, Confluence and JIRA would be advantageous

• HSBC Systems and Infrastructure – Familiarity with Microsoft Azure, Amazon Web Services, EIM, GSD, SCOTT, HELIOS and/or SAMS would be advantageous

• Certifications – Nothing specific required although a track record of continued professional development is highly desirable

When applying, please submit a full resume and attach your appraisal reports for the last two performance years. Your local internal application policy should be followed. For internal applicants in Hong Kong with less than twelve months in their current role, please also obtain and enclose the endorsement from your current line manager in the application as well; for more information, you can visit HRDirect and search for content "HKG: Do I need any approval to look for internal career opportunities?".

Opening up a world of opportunity

Candidate with less relevant experience or skills may be offered a lower Global Career Band than stated above.

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Issued by The Hongkong and Shanghai Banking Corporation Limited.