If you’re looking for a career where you can make a real impression, join Global Service Center (GSC) HSBC and discover how valued you’ll be.
HSBC is one of the largest banking and financial services organizations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realize their ambitions.
We are currently seeking an experienced professional to join our team in the role of AVPBusiness InformationRisk Officer (Resilience Risk):
Role purpose
Business InformationRisk Officers are responsible for discharging their responsibilities across the Businesses and Regions. This involves working directly with back, middle and front office staff, including Control Officers in each business, to ensure all Information Security, Technology and Cyber risks are appropriately identified, assessed, managed and tracked.
The risk utility BIRO will support the broader WCCO organisation by providing timely guidance and support to the business on Information Security related issues and supporting BIRO driven risk reduction activities including CTB initiatives. The scope of this role is Global Wholesale Business including WCOO, GB & CMB and shall use their subject matter expertise to drive de-risking of business processes.
Principal accountabilities
· Be responsible for providing cyber and Information Security Risk management input to the business in support of their overall operational risk management activities, working alongside the business management and control officers to articulate and understand these risks and ensuring that they are appropriately reflected in business Risk Control Assessment (RCA) – driving related RCA activities as required.
· Assist the Wholesale businesses in the identification, documentation and resolution of Information Security and Cyber risk issues (liaising with relevant functions, e.g. Cybersecurity, where required) as guided by lead / onshore BIRO.
· Assist the Wholesale businesses in preparation of MI which can assist in the required analysis.
· Provide timely guidance to business on queries relating to Information Security, leveraging strong knowledge of Bank policies, industry good practice and requirements of NFR management process to drive de-risking of Business processes.
· Support the business in ensuring that technology, cyber and Information Security Risks in the RCAs are adequately assessed, documented, with gaps identified and appropriate remedial actions agreed. Support the business in developing and executing appropriate monitoring plans for these risks.
· Provide SME input into risk reductions initiatives and support BIRO delivery of these initiatives by supporting programme management, reporting & governance activities for initiatives. Support the business by ensuring business owned risk reduction activities are robust and sustainable.
· Be responsible for providing Business and WCCO management with a view of their information risk landscape through appropriate assessment of technology, Information Security and cyber issues across the front-to-back businesses, reviewing the external risk landscape, available metrics and providing timely updates, and for re-visiting these assessments periodically to ensure ongoing relevance.
· Be responsible for undertaking deep dives of cyber and information technology issues, as directed by the Chief Control Officer and Lead BIRO, recommending and delivering practical remediation activities.
· Develop relationships with Resilience Risk, and other 2LOD functions as required, ensuring 2LoD observations are understood and where required, remediation plans are in place and remediation is appropriately tracked and reported.
· Understand the impact of, and advise on related risk categories such as Third Party Risk.