Job Title: DevSecOps & Cybersecurity Technical Training Manager
Big Bank Funding. FinTech Thinking.
Our technology teams in the UK work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world to bank quickly, simply and securely. We also run and manage the IT infrastructure, data centres and core banking systems that power the world’s leading international bank.
Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and programme managers.
Role Description:
The DevSecOps & Cybersecurity Technical Training Manager will be a key part of the Cyber Education and Awareness team, reporting to the Senior Education and Awareness Manager (for High Risk Users). You will be a subject matter expert and lead the design and delivery of Cybersecurity training for technical audiences such as architects, engineers and developers.
Responsibilities:
- Working closely with user research and vulnerability data analysis to inform the design and delivery of cybersecurity training to any technical audience, especially Developers and Application Security Leads. However, scope could also include architects and non-code-based engineers.
- Using data and insights to demonstrate the effectiveness/impact of the solutions you deliver.
- Using your subject matter expertise, you can design proxy measures to demonstrate how training solutions support our overall outcomes. We want to measure more than just our output (e.g., courses completed) and demonstrate an impact on DevSecOps (DSO) metrics such as reduced time to remediate or reduction in recurring vulnerabilities.
- Work closely with the Cybersecurity Assessment and Testing (CSAT) function, Pre-Production Assurance and Vulnerability Management (SECA and VULN) Control owners, Global Engineering and the Global Developer Experience Team to gather inputs, validate and test the impact of proposed training and ultimately implement joined-up solutions for our target audience.
- Design and deliver experiments to test targeted training and capability uplift solutions, for example:
  - Use of IDE plugins
  - CICD integrations to check a developer's capability/training status at the point of committing code
  - Secure-athon events/initiatives
- Design and deliver at scale successful targeted training and capability uplift programmes that maximise use of our current secure development training platform, effectively transforming it from a compliance-led certification programme to an enabler of our shift left ambitions.
- Through a data-driven approach, identify gaps/opportunities in our security training tooling and design and deliver pilots to address these opportunities. This could include identifying and trialling 3rd party vendors.