
Job Description

Business: Risk and Compliance Assurance Services (RCAS)


Open positions: 1


Role Title: Vice President (VP), TCSD, Controls Assurance, RCAS, GSC’s


Global Career Band: 4


Location: Hyderabad


Recruiter Name: Shubhangi Masih


Why join us?


  • The Group’s Risk Management Framework (RMF) requires independent Second Line Assurance of the management of material risks and controls across HSBC’s non-financial and financial risk taxonomies. The RCAS function provides a significant proportion of this assurance.
  • Via its industry-leading centres of excellence, RCAS delivers innovative assurance solutions for and on behalf of HSBC’s Risk Stewards and peer assurance teams.
  • Controls Assurance (CA) reports into RCAS and is responsible for assuring the risk management of critical business processes and specified non-financial and financial risks across the Group, principally by testing mitigating controls. This is achieved by building out a centralised offshore capability that will deliver agile, insightful, and cost-efficient assurance. CA also provides a resource augmentation service to other assurance teams within the Bank, becoming a vehicle to effectively manage assurance costs and resources. Also, CA works together with the RCAS Automation and Analytics team to develop, test and deploy their Continuous Assurance objectives.
  • CA provides assurance across various Non-Financial and Financial Risks within all HSBC territories and divisions. These include, to differing extents, Operational and Resilience Risk (ORR), Model Risk, Wholesale Credit Risk (WCR), Retail Credit Risk (RCR), Insurance Risk, Financial Crime Risk and Regulatory Compliance Risk. Specifically, CA has a mandate to provide the following key assurance services:
  • Process-led assurance – assuring the design, operation, recording and monitoring of key controls and expected risk management outcomes within agreed critical business services across the Group
  • Risk-based cyclical assurance – assuring the above for specific risk taxonomies
  • Entity Control assurance – assuring the design, operation, recording and monitoring of key controls designated by entity-level reporting frameworks across the Group (e.g., SOX, ELCs)
  • Resource augmentation – Temporarily providing staff to non-RCAS assurance teams to support their assurance activities
  • Work in alignment to the Integrated Assurance Framework (IAF)
  • CA is principally comprised of Control Testing Utilities (CTUs) executing this assurance work. These CTUs are principally based in Global Service Centres within India, China and Poland, and are staffed with assurance specialists with expertise across the range of risks being covered.
  • This role will report into the Head of Controls Assurance, RCAS (GSC Country location name) and will be responsible for delivering assessments of key control activities of Technology, Cyber Security and Data (TCSD) risks within ORR, in accordance with CA procedures and the assessment plan.
  • The role holder will be required to support the Head of CA (GSC Country Location Name) in leading a team to assess the effectiveness of controls relating to the TCSD risks and identifying and raising issues where control gaps lead to material unaddressed risks.
  • At a high level, the role holder will be responsible for the following:
  • Lead an assessment team of Assistant Vice Presidents (AVPs – GCB5s) and Managers (GCB6) as they evaluate a portfolio of controls for design effectiveness, operating effectiveness and/or risk management outcomes, raising issues as appropriate.
  • Ensure that assigned control assessments are accurate and effective, abide by CA and RCAS methodology, procedures, and templates, meet quality control requirements, and are delivered on time, in accordance with the CA assessment plan.
  • Supervise the delivery of assigned control assessments, including but not limited to System Architecture, Operating Systems, Databases, Networks, Security Systems, Cloud Services, Asset Inventories, Change Management, Incident Management, Recovery Management, Software Development Lifecycle (SDLC), and other general controls, using experience and knowledge to intervene and redirect testing and to resolve or redirect escalations as required.
  • Manage control owners and other stakeholders, ensuring the success of individual reviews, minimising contention where possible and requesting support, where deemed necessary.
  • Manage the documentation of distinct control types, covering key aspects, such as remit, main processes, and handovers to other teams.
  • Apply judgement and risk management concepts to identify and formulate findings and provide valuable insights to the TCSD control owners, so that they can improve processes and manage risks to achieving operational and strategic goals.
  • Ensure that issue owners complete sufficient root cause analysis for all material issues and have appropriate remediation plans in place
  • Lead, develop and motivate the assessment team to attract, retain and develop talent, ensuring the successful delivery of assigned control assessments.
  • Support the Head of Control Assurance (GSC Country Location Name) in fulfilling CA responsibilities as required, including budget management, resourcing, and feeding into the development of procedures and templates.

What you’ll do:


Principal Accountabilities: Key activities and decision-making areas


Impact on the Business


  • Lead a team of AVPs, Managers and Management Analysts in executing the CA assessment plan, ensuring the accurate, efficient, and timely completion of independent control assessments for TCSD risks and associated controls
  • Oversee the quality of work delivered by the CA team and ensure compliance with CA and RCAS templates, procedures, and quality requirements.
  • Understand and document the remit, process composition and team handovers of relevant controls.
  • Proactively monitor the portfolio of assigned and relevant risks to identify key emerging trends and themes to inform the CA assessment plan and the continuous development of CA & RCAS methodology and procedures.
  • Evaluate and manage the allocation of resources on an ongoing basis to ensure completion of assigned control assessments.

Typical Targets and Measures


  • Execution and delivery of a portfolio of control assessments.
  • Accurate, timely and reliable testing of controls associated with TCSD risks
  • Drive a consistent approach to CA testing activities across all LoBs / TCSD risk themes outlined by the function, in accordance with standardised procedures.
  • Meeting agreed regulatory deadlines and targets.
  • Support the production of high-quality management information (MI) covering CA activities.
  • Increased utilisation of automation and analytics across all CA assessments.

Customers / Stakeholders


  • Build strong professional relationships with all internal stakeholders, adopting a joined-up approach to the execution of tasks with minimum conflict, while ensuring the independence of CA.
  • Develop and maintain positive and professional relationships with key external stakeholders, where required.
  • Ensure that executive and senior management in the business, functions and Compliance are advised of matters arising, and emerging trends, from assurance reviews and analysis.
  • Provide stakeholders with insight into CA activities.
  • Liaise with both First Line CCO teams and Internal Audit in line with the Integrated Assurance Framework to ensure that assurance activities and plans take full consideration of First and Third Line Assurance and inform audit activity.

Typical Targets and Measures


  • Effective stakeholder management, ensuring constructive assessment outcomes.
  • Facilitate regular meetings with stakeholders and senior management.
  • Outputs (presentation decks, papers, reports, and guidance for the function) are clear, accurate and concise.

Leadership & Teamwork


  • Lead, develop and motivate the assessment team to attract, retain and develop talent, ensuring delivery of business objectives.
  • Lead on a portfolio of CA assessments, taking responsibility for their successful delivery.
  • Operate to a high standard, in alignment with HSBC Values, leading by personal behaviour and through your interaction with others.
  • Drive a high-performance culture across the team through effective leadership, engagement, and collaboration.
  • Ensure effective communication across CA, delivering key messages and strategic updates as appropriate.

Typical Targets and Measures


  • Drive a high-performance culture through attendance at team meetings and 1:1s with line manager and direct reports.
  • Maintain personal objectives set consistently across day-to-day activities.
  • Layered approach to interactions with teams, sharing best practices and highlighting issues across TCSD within ORR and other relevant functions, as appropriate.

Operating Effectiveness & Control


  • Contribute to the development of CA procedures and templates, in collaboration with Controls Assurance Coordinator (CAC), Professional Practices (PP), Automation and Analytics and relevant SMEs, ensuring high operating standards within the division.
  • Drive high operational standards within the team and avoid high-risk findings from Internal Audit or other internal/external Assurance teams.
  • Be innovative in executing all responsibilities and providing solutions to complex issues in a dynamic, high-risk environment.
  • Support the Head of CA in meeting the requirements of the sub-division.

Typical Targets and Measures


  • Observation of line manager and feedback from key stakeholders.
  • No high-risk issues from Internal Audit reviews directly relating to CA.
  • Delivery of assurance activities as per the agreed plan and review notifications.

Major Challenges


  • Bank expectations for ever more insightful, efficient, and cost-effective assurance, requiring an innovative mindset. Understanding the expectations of the regulators, external bodies and governmental initiatives and the Group’s shareholders and customers, as well as the complexity of financial services regulation and the diversity of business and geographies within the Group as a whole and taking these into account when configuring test scripts.
  • The importance of risk management, and consequence of ineffective risk management, continues to be heightened via regulatory and media focus
  • Determine innovative ways of testing controls in a precise and efficient manner, harnessing analysis of data where possible.
  • Delivering assurance in an insightful, considerate, commercially minded yet independent manner that meets business needs
  • Applying assurance in an environment of increasing commercial and regulatory change

Role Context


The role holder will require specialism in managing and/or assuring TCSD risks and controls, across the following activities (with specialism in many being advantageous).


  • IT Asset & Inventory Management
  • Architecture Management
  • Change Management
  • Deployment Management
  • System Data Integrity
  • Software Development Lifecycle
  • Security Awareness & Training
  • IT Protective Security Technology
  • Network Resilience
  • Network Security
  • Data Asset Protection
  • Data Security
  • IT Operations Management
  • Logging, Monitoring, and Alerting
  • Security Assurance
  • Cyber Event Detection
  • Vulnerability Management
  • IT Service Continuity Management
  • Incident Response and Recovery
  • Identity & Access Management

The role holder will be required to lead on a portfolio of CA control assessments, potentially covering all business lines, functions, and geographies.


The role holder will support the Head of the CA in ensuring that the CA assessment plan is executed as assigned, meeting HSBC risk management requirements and regulatory expectations, providing risk stewards, control owners and senior management with up-to-date information regarding standards of compliance with financial crime and regulatory compliance rules within the organisation.


The role holder is required to work with considerable autonomy, dealing with issues for which there is no obvious solution while still being able to provide judgment and clear direction.


The role holder is responsible for ensuring that the assurance standards in the division are in accordance with the CA guidance, Group Standards Manual and Functional Instruction Manual (FIM).


Management of Risk


  • Be acutely aware of the operational risks associated with business activities, considering changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
  • The role holder is responsible for ensuring that they and any others they supervise operate in accordance with CA standards.
  • Observation of Internal Controls (Compliance Policy / FIM requirements)
  • Maintains HSBC internal control standards, including timely implementation of internal and external audit actions together with any issues raised by external regulators.
  • To assist in the discharge of accountabilities set out in the relevant FIMs by proactively assisting Risk Stewards and Control Owners in their responsibilities.

Job Details

Job Location: Hyderabad Pakistan
Company Industry: Other Business Support Services
Company Type: Unspecified
Employment Type: Unspecified
Monthly Salary Range: Unspecified
Number of Vacancies: Unspecified
