Assistant Vice President Non Financial risk specialist

Some careers have more impact than others.

If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.

HSBC is one of the largest banking and financial services organizations in the world, with operations in 62 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realize their ambitions.

We are currently seeking an experienced professional to join our team in the role of Assistant Vice President Non Financial risk specialist

Principal responsibilities

• Be responsible for providing cyber and information security risk management input to the business in support of their overall operational risk management activities, working alongside the onshore BIRO(Business Information Risk Officer), business management and control officers to articulate and understand these risks and ensuring that they are appropriately reflected in business Risk Control Assessment (RCA) – driving related RCA activities as required.
• Assist the Global MSS(Market Security Services)  Businesses in the identification, documentation and resolution of information security and Cyber risk issues (liaising with relevant functions, e.g. Cybersecurity, where required) as guided by lead / onshore BIRO.
• Provide timely guidance to business on queries relating to information security, leveraging strong knowledge of Bank policies, industry good practice and requirements of NFR(Non-Financial Risk) management process to drive de-risking of Business processes. This includes review of any exceptional access requests to ensure exceptional access is only granted where required and with appropriate mitigating controls.
• Support the business and onshore BIROs in ensuring that technology, cyber and information security risks in the RCAs are adequately assessed, documented, with gaps identified and appropriate remedial actions agreed. Support the business in developing and executing appropriate monitoring plans for these risks.
• Support the business in ensuring that information security related incidents are appropriately triaged and managed, including following up with respective parties to ensure remedial actions are undertaken
• Provide SME(Subject Matter Expert) input into risk reductions initiatives and support BIRO delivery of these initiatives by supporting programme management, reporting & governance activities for initiatives. Support the business by ensuring business owned risk reduction activities are robust and sustainable.
• Meet expectations of business partners and London Control Office
• Develop relationships with Resilience Risk, and other 2LOD(Line of Defense ) functions as required, ensuring 2LoD(Line of Defense) observations are understood and where required, remediation plans are in place and remediation is appropriately tracked and reported.
• Be responsible for providing Business and MSS CCO(Chief Control Office) management with a view of their information risk landscape through appropriate assessment of technology, information security and cyber issues across the front-to-back businesses, reviewing the external risk landscape, available metrics and providing timely updates, and for re-visiting these assessments periodically to ensure ongoing relevance.
• Be responsible for undertaking deep dives of cyber and information technology issues, as directed by the Chief Control Officer and Lead BIRO, recommending and delivering practical remediation activities.