Cybersecurity Governance Risk and Compliance Lead in Sheffield

Job Title: Governance, Risk and Compliance Lead

Big Bank Funding. FinTech Thinking.

Our technology teams in the UK work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world, to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.

Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and programme managers.

Role Description:

The Cybersecurity Governance Risk and Compliance Lead for the region is charged with protecting the HSBC brand, shareholder value, information assets and financial assets within the respective region through their support to the Head of Cybersecurity Regulatory Compliance & Remediation.

Responsibilities:

• Develop and maintain strong relationships with the Regional Information Security Officer (RISO) to identify and ensure regional/country specific legal and regulatory requirements are met.
• Maintain oversight of the regional risk profile, appetite, incidents and control effectiveness and provide robust risk challenge to the same audience when cyber security risk appetites are breached.
• Work with the overall Regulatory Compliance team who provide centralized reporting (including KPI/KRI/KCI’s) to support the regional reporting into regulators and other internal and external stakeholders with regards to the Group’s risk appetite and control effectiveness.
• Drive an effective engagement and governance process across the region that is demonstrably adding value to all target stakeholders.
• Work with the Cybersecurity Communications & Training team to ensure that cyber related training and awareness has been delivered for all relevant Regional stakeholders.
• Provide oversight and delivery of metrics and reporting in to the relevant regional governance committees.
• Provide oversight and support regional stakeholders in managing regulatory compliance requirements across major markets driving a response to regulatory enquiries and exams.
• Provide regional input into the definition of security standards based on policies defined by the ORR function, lead the Cyber Security Agenda and oversee effectiveness of controls to ensure regional compliance with policies and standards across the region.
• Coordinate regional responses to Third Party / Client questionnaires and enquiries received by HSBC.
• Work with the Regional Information Security Officer (RISO) to:
  • Proactively track, challenge and drive to closure all Cybersecurity owned issues (i.e. audits, MSII’s) and maintain oversight of Cyber Security’s control environment within the region
  • Proactively manage the gaps identified during security testing activities through established governance to drive remediation of gaps and track to closure

Essential Skillset/Experience:

• Typically educated to degree level, within IT and Risk. Industry qualifications (CISSP, CISA, CISM).
• Experience in Governance, Risk and Compliance.
• Regulatory engagement, experience in dealing with compliance matters, and regulatory liaison.
• Knowledge of Cyber regulatory requirements in region/globally.
• Experience in Technology and Cyber Security Frameworks, e.g. NIST.
• Ability to build strong relationships and communicate on complex issues with a wide spectrum of stakeholders.
• Understanding of business finance and experience of effective management of budgets and expenditure.
• Comprehensive understanding of banking and security in context of wider industry trends and direction

The role will be based in Sheffield.

Come Power a Business that Defines How to Power the World

As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of ethnicity, religion, age, physical or mental disability/long term health condition, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by local law in the jurisdictions in which we operate. Within the work place you will have access to various employee resource groups which aim to promote and achieve a healthy work / life balance and support our diversity ambitions.  HSBC has in place processes in order to avoid nepotism, which means to avoid creating circumstances in which the appearance or possibility of conflicts of interest may exist within the hiring process.

We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies.

As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.