DevSecOps & Cybersecurity Technical Training Manager in Sheffield

Job Title: DevSecOps & Cybersecurity Technical Training Manager

Big Bank Funding. FinTech Thinking.

Our technology teams in the UK work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world, to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.

Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and programme managers.

Role Description:

The DevSecOps & Cybersecurity Technical Training Manager will be a key part of the Cyber Education and Awareness team, reporting to the Senior Education and Awareness Manager (for High Risk Users). You will be a subject matter expert and lead the design and delivery of Cybersecurity training for technical audiences such as architects, engineers and developers. 

Responsibilities:

• Working closely with user research and vulnerability data analysis to inform the design and delivery of cybersecurity training to any technical audience especially Developers and Application Security Leads. However, scope could also include architects and non-code-based engineers.
• Using data and insights to demonstrate the effectiveness/impact of the solutions you deliver.
• Using your subject matter expertise, you can design proxy measures to demonstrate how training solutions support our overall outcomes. We want to measure more than just our output (e.g., courses completed) and demonstrate an impact on DevSecOps (DSO) metrics such as reduced time to remediate or reduction in recurring vulnerabilities.
• Work closely with the Cybersecurity Assessment and Testing (CSAT) function, Pre-Production Assurance and Vulnerability Management (SECA and VULN) Control owners, Global Engineering, Global Developer Experience Team to gather inputs, validate and test the impact of proposed training and ultimately implement joined up solutions to our target audience
• Design and deliver experiments to test targeted training and capability uplift solutions for example
  • Use of IDE plugins
  • CICD integrations to check a developers’ capability/training status at the point of committing code
  • Secure-athon events/initiatives
• Design and deliver at scale successful targeted training and capability uplift programmes that maximise use of our current secure development training platform. Effectively transforming it from a compliance-led certification programme to an enabler of our shift left ambitions.
• Through a data-driven approach, identify gaps/opportunities in our security training tooling and design and deliver pilots to address these opportunities. This could include identifying and trialling 3rd party vendors.

Essential Skillset/Experience:

• Strong technical subject matter expertise in secure development and/or identity and access management
• You may be an engineer at heart, but have proven experience of stepping out from being a practitioner and now use your unique insider experience to deliver transformational enablement programmes to engineers (eg: Training and development, Change Management/Transformation, Internal engagement and culture change)
• Design thinking: Experienced in creating needs-based solutions that are also measurable and materially reduce risk
• Experience of being part of implementing DevSecOps (DSO) strategy at scale with proven results
• Experience of leading the training/culture change element of implementing a DSO strategy from design through to delivery
• Ideally experience of using Secure Code Warrior or other secure development or technical training platform
• Deep understanding of DevSecOps and the roles and responsibilities within SDLC – able to ‘think like a developer’
• Proficiency with industry tooling, for example: Tenable.io, Nessus, Checkmarx, Netsparker, Kryptowire, IriusRisk, Aqua, etc.

The role will be based in Sheffield.

Come Power a Business that Defines How to Power the World

HSBC is committed to being an inclusive employer and providing an inclusive and accessible recruitment process for all. We will provide reasonable adjustments to remove any disadvantage to you being considered for this role. We are proud members of the Disability Confident Scheme, and will offer an interview to disabled candidates who meet the minimum criteria for the role. If you would like to receive any information in a different way or would like us to do anything differently to help you apply for our roles, please contact our Recruitment Helpdesk:

Email: hsbc.recruitment@hsbc.com

Telephone: +44 2078328500.