Digital General IT - Cybersecurity/ Lead Consultant Specialist

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

We are currently seeking an experienced professional to join our team in the role of Lead Consultant Specialist

In this role, you will:

• Responsible in driving the execution of the Group Information Security and Cybersecurity strategy across the service line, and helping meet the Global Business/Global Function cybersecurity objectives aligned to the organization focus.
• You will be part of the first line of defence (1LOD) and responsible for leading the Cybersecurity and managing information security risks and controls (including cyber and non-cyber owned controls) relating to their governance, operation, monitoring and reporting.
• The role will support the business and its technology function in their run the bank and change the bank programmes, particularly in relation to information security and cybersecurity requirements. Work in partnership with central functions of the Group Cybersecurity team to collate and report on the management of information security and cybersecurity risks and controls; translate technical information into consumable reports for senior stakeholders;
• Support with the delivery of information security and cyber remediation activities; support with the delivery of cybersecurity transformation programmes; and gather information to report on regulatory compliance of the central functions.
• The role holder support to drive continuous assessment and improvement of cybersecurity and information security risk in line with the Bank’s risk appetites and a constantly evolving cyber-threat landscape.      
• Support initial risk assessment process and providing consultancy and guidance Responsible for undertaking application security risk assessments as part of development projects. This entails using a threat modelling methodology to identify threats which could affect the Confidentiality, Integrity and Availability of the data and components in scope.
• Own driving the remediation of security issues (defects), or supporting other risk treatment methods as needed (e.g. risk acceptance). Partner with the Business service owners, Risk stewards and Chief Control Office Technology functions to promote and provide guidance to relevant policies, standards and governance within the department.
• Provide updates with respect to global IT Control uplift programs to stakeholders. Lead IT engagement with internal / external / client audit and Regulatory Exams, including oversight of field work, collation of artefacts and partnership with CCO tech to remediate issues. Communicate residual risk through reporting, business governance processes and forums. Provide visibility of status of action plans and external/internal audit issues through different MIs/Dashboards