Job Description
Some careers open more doors than others.
If you’re looking for a career that will unlock new opportunities, join HSBC and experience the possibilities. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
Job Introduction
The role is part of the First Line Risk function supporting, advising and overseeing Asset management business in India to help achieving business objectives, meet fiduciary duties to client and to comply with regulatory norms while maintaining system and data security.
Assess, identify, and reduce cybersecurity risks of the organization
Principal Responsibilities
- Respond to cyber incidents in a timely manner.
- Establish appropriate standards and controls and direct the establishment and implementation of processes and procedures as per the cybersecurity and cyber resilience policy approved by the Board.
- Identify information security goals and objectives consistent with business need/objectives.
- A detailed list of roles and responsibilities as mandated by the regulator can be accessed here: Roles_Responsibilities-CISO.pdf (nciipc.gov.in)
- Also, the designated CISO will be responsible to implement the exhaustive new controls mandated by SEBI as a part of this circular. Broadly, the guidelines mandate these additional comprehensive controls:
- Modifications in the cyber security framework both in terms of governance and reporting
- Implementation of new security guidelines on data classification, localization, mobile security, Application programming interface (API), Security operations centre and software bill of materials.
- Implementation of ISO 27001 certification which is made mandatory as per recent mandate.
- Implementing Cyber capability index – a quantitative approach to identify cyber maturity and reporting the cyber health to regulators.
- Conducting an elaborate Cyber security table-top exercise to simulate various cyber security scenarios and testing the existing cyber controls.
- Liaise with various internal and external stakeholders to conduct red teaming/blue teaming exercise.
- Conduct technology/security committee meetings and liaising with internal and external auditors for matters related to information security
