Buffalo, New York, USA
Head of Cybersecurity Risk and Controls Business Engagement

Our purpose – Opening up a world of opportunity – explains why we exist. Here at HSBC we use our unique expertise, capabilities, breadth and perspectives to open up new kinds of opportunity for our more than 40 million customers. We’re bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.

Big Bank Funding. FinTech Thinking.

Our technology teams work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world to bank quickly, simply, and securely. We also run and manage the IT infrastructure, data centers and core banking systems that power the world’s leading international bank.

Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and program managers.

We are currently seeking a Head of Cybersecurity Risk and Controls Strategy (CRCS) Business Engagement for the Americas Region, to join HSBC’s Cybersecurity team within Technology.

Brief overview of the business areas:

The Cybersecurity function is responsible for enabling businesses and functions to manage their Information and Cybersecurity risks as well as ensuring risks and controls are assessed and implemented appropriately, objectively and independently through professional and specialized subject matter experts.

What you will be doing:

The Head of CRCS Business Engagement for the Americas will play a key role in coordinating activities required to implement the Cybersecurity Risk and Controls Strategy across the Region. This role will report into the Global Head of CRCS and the Chief Information Security Officer for the Americas, and closely collaborate with the CRCS Business Engagement Leads supporting other regions and businesses HSBC operates in, as well as with the rest of core CRCS functions. Key responsibilities of the role include establishing and executing processes across the Americas to strengthen engagement for control design and monitoring, tailoring metrics and management updates across all tiers of the organization, ensuring an accurate reflection of cybersecurity risks and controls across the environment, and participating in response to independent challenge of same.

The ideal candidate will possess strong leadership and communication skills, a wide knowledge across all cybersecurity domains, the ability to craft and champion well-articulated risk analysis, and experience in managing international stakeholders. The role holder will be required to manage engagement with senior stakeholders including the regional and business CIOs and COOs; Cybersecurity Leadership and staff; regional, in-country and global business teams; Chief Controls Office (CCO) Technology, Independent Risk and Internal Audit teams.

As our Head of Cybersecurity Risk and Controls Business Engagement you will:

Key Accountabilities:

- Building out, leading and managing the CRCS Business Engagement activities to the Americas Region
- Working closely with core CRCS functions and the wider Cybersecurity teams to ensure the designed controls are embedded, fully understood and adhered to, emphasizing adoption at the business and regional level
- Representing CRCS in regional and business senior management forums
- Working with the Control Owners, Independent Risk, Internal Audit and CCO Technology to ensure that the Cybersecurity owned controls in the Risk and Controls Library and federated controls owned by the business, are designed according to the Bank’s requirements and industry standards and best practices (e.g. NIST CSF)
- Working with Cybersecurity Control Design and Continuous Control Monitoring teams to ensure local control issues are properly fed into global control design, monitoring and governance
- Working with Cybersecurity MI Reporting team to feed requirements from the business and geographies, ensuring continuous evolution of MI reporting, tailored to our global audience
- Working with Cybersecurity Risk Control Strategy (CRCS) teams to ensure that the measurements defined provide sufficient data for regional and business stakeholder reports and are aligned with the Cyber Risk Quantification (CRQ) model
- Support the Global Head of CRCS with designing, managing and maintaining processes and engagement model for the CRCS Business Engagement function

The role holder will manage CRCS activities to support the Americas Region within the CRCS Business Engagement team, which is part of HSBC’s 1LoD Cybersecurity Risk and Controls Strategy (CRCS) function. As such, the role holder must possess significant controls management experience and strong stakeholder management skills and experience, in order to help deliver a unified approach to controls management across the Group.

The CRCS Business Engagement team is responsible for implementing each of the core areas of CRCS within business and geographies:

- Cybersecurity Risk Quantification (CRQ) – development, implementation and management of a mathematical model calculating the impact of improvements made to our control environment on risk exposure reduction. Providing an industry leading opportunity to translate complex cybersecurity concepts into business-friendly information allowing to make informed decisions in line with our risk appetite
- Cybersecurity Controls Design – designing Procedures, Operating Instructions and Control Instances, expanding on the newly implemented Risk Taxonomy and Control Library. Define and maintain a detailed Cybersecurity Controls Catalogue, continuously improving our controls design and implementation requirements
- Metrics Reporting – definition and management of Key Control Indicators and providing a ‘front-door’ service to Global Businesses, Functions and Regions for any queries related to KCIs and output of the new Cybersecurity Metrics dashboard
- Continuous Control Monitoring – developing the approach, implementing and maintaining a process for ongoing control monitoring. Designing an approach for automated evidence collation to facilitate reviews from Chief Controls Office, Resilience Risk and Audit
- Risk Controls Strategy – embedding CRQ into wider Operational Risk Management Framework and controls ecosystem. Tying together all other components of the function into a cohesive strategy to ensure robust end to end control management and risk quantification

For this role, HSBC targets a pay range between $148,300.00 and $222,500.00.

The final fixed pay offer will depend on the candidate and a number of variables, including but not limited to, role responsibilities, skill set, depth of experience and education, licensing/certification requirements, internal relativity, and specific work location.

At HSBC, our overall goal is to provide a competitive Total Reward Package, with an appropriate mix of fixed pay, and variable pay, as part of an employee’s overall total compensation and benefits. Variable pay generally takes the form of discretionary, annual awards (sometimes referred to as a “bonus”). Additionally, HSBC offers a wide range of competitive and flexible benefits designed to help you improve your health and well-being, finances, and lifestyle.
