AVP - Business Information Risk Office

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions

Role Purpose

• The Control Office is a function that sits within the markets business within the Markets & Securities Services area of HSBC. The Control Office helps manage and control non-financial and new risks in the business, including but not limited to operational, conduct and product lifecycle risk.
• Business Information Risk Office (BIRO) is responsible for driving Information Security, Technology, and Cyber management within the business providing timely quality advice and assistance to the business in support of their risk management activities, translating technical risks and control related aspects to non-technical business across all Regions. BIRO are subject matter expert on all matters relating to information security and cyber risk, and ensuring each business is aware of (and suitably managing) the related risks.

What you’ll do:

Impact on the Business/Function

• Be responsible for providing cyber and information security risk management input to the business in support of their overall operational risk management activities, working alongside the onshore BIROs, business management and control officers to articulate and understand these risks and ensuring that they are appropriately reflected in business Risk Control Assessment (RCA) – driving related RCA activities as required.
• Assist the Global MSS Businesses in the identification, documentation and resolution of information security and Cyber risk issues (liaising with relevant functions, e.g. Cybersecurity, where required) as guided by lead / onshore BIRO.
• Provide timely guidance to business on queries relating to information security, leveraging strong knowledge of Bank policies, industry good practice and requirements of NFR management process to drive de-risking of Business processes. This includes review of any exceptional access requests to ensure exceptional access is only granted where required and with appropriate mitigating controls.
• Support the business and onshore BIROs in ensuring that technology, cyber and information security risks in the RCAs are adequately assessed, documented, with gaps identified and appropriate remedial actions agreed. Support the business in developing and executing appropriate monitoring plans for these risks.
• Support the business in ensuring that information security related incidents are appropriately triaged and managed, including following up with respective parties to ensure remedial actions are undertaken
• Provide SME input into risk reductions initiatives and support BIRO delivery of these initiatives by supporting programme management, reporting & governance activities for initiatives. Support the business by ensuring business owned risk reduction activities are robust and sustainable.

Typical Targets and Measures

• Responsibility for reviewing, processing, escalating and closing cases in a timely manner
• Ensure as much as possible that escalations to Global BIRO are genuine
• Production of accurate MI

Customers / Stakeholders

• Meet expectations of business partners and London Control Office
• Develop relationships with Resilience Risk, and other 2LOD functions as required, ensuring 2LoD observations are understood and where required, remediation plans are in place and remediation is appropriately tracked and reported.
• Be responsible for providing Business and MSS CCO management with a view of their information risk landscape through appropriate assessment of technology, information security and cyber issues across the front-to-back businesses, reviewing the external risk landscape, available metrics and providing timely updates, and for re-visiting these assessments periodically to ensure ongoing relevance.
• Be responsible for undertaking deep dives of cyber and information technology issues, as directed by the Chief Control Officer and Lead BIRO, recommending and delivering practical remediation activities.
  

Typical Targets and Measures

• To create confidence in London Control Office and business to offshore tasks
• Ability to suggest and propose changes to processes; driving change
• Feedback from local and London Control Office management, businesses and other stakeholders

Leadership & Teamwork

• Ability to act proactively and multitask
• Knowledge transfer to the team and learn from other team members
• Self - motivated, enthusiastic and proven rapid leaning capability
• Actively participate in team meetings. Bringing solutions / suggestions / recommendations to the table.
• Ability to work efficiently without supervision

Typical Targets and Measures

• Be able to integrate into an existing close team
• Effective contribution in team meetings and business calls
• Be open to feedback and highlight areas of improvement
• Feedback from local and London Control Office management and other stakeholders

Qualifications

What you will need to succeed in the role:

• Relevant experience in the information risk / information security space, preferably in financial services.
• Risk & control experience – e.g. 2LOD / 1LOD operational risk, information security risk, audit with a focus on information security / information risk.
• Performance of risk and controls assessments related to information technology and information security.
• Information Security certifications e.g. CISA, CISM, CRISC etc will be an advantage
• Strong understanding of information security, technology & cyber risks and potential mitigating actions, industry / good practices and related risk/control frameworks
• Good understanding of technology and information security risk/control disciplines

• Looking to get Placed? Try our Placement Guarantee Plan

  Get Hired
  Excellent written communication, research and analytical skills
• Proficient in MS Office (incl. Excel & PowerPoint)

Essential Skills/ Compentencies

(Including: Interpersonal skills, management, leadership, communications, sales, planning and organising, project management skills etc.)

Operational Effectiveness & Control

• Ability to work autonomously
• Ability to work across regions, and build relationships with stakeholders globally
• Analysis of Management Information, including meeting packs from regional, business and GBM committees.
• Assist with ad hoc project work and special investigations to provide further analysis as requested by management. Support for the Business Control Committee governance structure.
• Support and analysis for Management Information initiatives.
• Strong interpersonal skills and experience of working effectively and independently in a small team and also collaborate with global colleagues
• Implement best practice improvements
• Identify gaps in process documentation and address these effectively
• Maintain issues log and track progress in a timely manner

Desired Skills/ Competencies

(Including: Interpersonal skills, management, leadership, communications, sales, planning and organising, project management skills etc.)

• Ability to work under pressure and within tight time-lines. Excellent time management and prioritisation of work tasks. Manage urgent ad-hoc requests from London Control Office / business
• Ability to support decisions with sound reasoning.
• Ability to clearly articulate implications of analysis and findings
• Ability to learn and grasp and new systems, tools and databases quickly
• Ability to make accurate judgment calls on the nature of alerts in a short time period (i.e. deciding quickly and reliably what requires escalation)

You’ll achieve more at HSBC

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.”

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.