Compliance Assurance Manager - Technology, Cyber Security And Data

If you’re looking for a career where you can make a real impression, join our Global Service Center (GSC)- HSBC and discover how valued you’ll be.

We are currently seeking an experienced professional to join our team in the role of

Compliance Assurance Manager - Technology, Cyber Security and Data 

Role purpose:

Controls Assurance (CA) reports into Risk & Control Assessment (RCAS) and is responsible for assuring the risk management of critical business processes and specified non-financial and financial risks across the Group, principally by testing mitigating controls. This is achieved by building out a centralized offshore capability that will deliver agile, insightful, and cost-efficient assurance. CA also provides a resource augmentation service to other assurance teams within the Bank, becoming a vehicle to effectively manage assurance costs and resources. Also, CA works together with the RCAS Automation and Analytics team to develop, test and deploy their Continuous Assurance objectives. 

The role holder will be required to support the VicePresident, Technology, Cyber Security and Data (TCSD) and Head of CA (GSC Country Location Name) in leading or working with a team to assess the effectiveness of controls relating to the TCSD risks and identifying and raising issues where control gaps lead to material unaddressed risks.

Main activities: 

• Evaluate a portfolio of controls for design effectiveness, operating effectiveness and/or risk management outcomes, raising issues as appropriate. Customize and localize standard test scripts and then evaluate assigned controls for design and operating effectiveness, raise issues as appropriate. 
• Ensure that assigned control assessments are accurate, effective, abide by CA and RCAS methodology, procedures, and templates, and meet quality control requirements and are delivered on time, in accordance with the CA assessment plan.
• Supervise the delivery of assigned control assessments not limited to System Architecture, Operating Systems, Databases, Networks, Security Systems, Cloud Services, Asset Inventories, Change Management, Incident Management, Recovery Management, Software Development Lifecycle (SDLC), and other general controls; using experience and knowledge to intervene and redirect testing as required, resolving, or redirecting escalations as required.
• Manage control owners and other stakeholders, ensuring the success of each assigned reviews, minimizing contention where possible and requesting support, where deemed necessary.
• Manage the documentation of distinct control types, covering key aspects, such as remit, main processes, and handovers to other teams.
• Apply judgement and risk management concepts to identify, formulate findings and provide valuable insights to the TCSD control owners to improve processes and manage risks to achieving operational and strategic goals. 
• Ensure that issue owners complete sufficient root cause analysis for all material issues and have appropriate remediation plans in place.
• Support the Head of Control Assurance (GSC Country Location Name) in fulfilling CA responsibilities as required, including budget management, resourcing, and feeding into the development of procedures and templates.

• Minimum of 3 years proven experience in Assurance, Testing, Audit, or consulting roles for IT / Cyber / Data either in second or third line of defense capacity.
• Experience in auditing / testing operating systems, databases, networks, security systems, cloud services and other general controls; Change Management, Incident Management, Recovery Management and SDLC
• Experience in IT control frameworks (COBIT, NIST CSF, ISO 27001, ITIL). Ability to lead and individually contribute to assurance reviews to measure the banks technology and cybersecurity controls against these framework requirements as applicable.   
• Minimum bachelor’s degree in related field and /or professional Certifications related to Technology/Cybersecurity Risk (e.g., CRISC, CGEIT, CISA, CISM, CISSP
• Proven organizational, planning, interpersonal, managerial, analytical, problem-solving, decision-making, and team building skills.
• Ability to exercise discretion, work independently within broad guidelines, tactfully handle sensitive and confidential data and complete assignments timely with a professionally inquisitive adaptable and innovative mindset.
• Ability to manage conflicting priorities effectively and proven ability to meet challenging deadlines.
• Experience working with local and regional stakeholders and an understanding of global standards of quality and the ability to work with different cultural groups and build consensus and rapport.
• Experience utilizing data analytics tools and techniques (desirable)
• Requires understanding of the changing regulatory landscape regarding TCSD functions within the banking industry.
• Fluent in both oral and written English.

¡You’ll achieve more when you join HSBC!

At HSBC we offer our colleagues a greater number of days so that they can fully enjoy their wedding, take care of the new member of the family, or grieve the loss of a family member. Our paid leave package is at the forefront in Mexico, now you have one more reason to be HSBC and proudly live a culture of well-being, balance and care

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website. 

***Issued by HSBC Electronic Data Processing (México) Private LTD***