Job description

1st Line of Defence Risk & Control Associate

Big Bank Funding. FinTech Thinking.

Our technology teams in the UK work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world, to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.

Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and programme managers.

MSS Operations Technology is a global team responsible for developing a wide number of key platforms and technologies in use in Markets and Security Services. Be part of a truly global team with colleagues in Guangzhou, Hong Kong, Toronto, Pune, New York & London. Software and solutions used in ~50 sites in HSBC Group. Being part of the team, you will work with many colleagues on a wide range of technology as well as helping to support the MSS Operations function.

Role Description

MSSOT require a Risk and Control Officer to join the expanding RCO Team. RCO team is a critical function in ensuring risk is managed and tracked effectively, audits (internal and external) are professionally managed and successful, the IT teams demonstrate risk awareness. The 1st Line of Defence Risk & Control Associate, will run and grow the practice assisting engineering teams to manage their risk appropriately, adhering to standards, policies and regulatory requirements. You will form strong relationships with technology teams, business and senior management.

Responsibilities

The 1st Line of Defence Risk & Control Associate will help us continue the journey of growing the framework of managing operational risk for MSSOT department making sure the risks taken are within the appetite of senior management both from the business and technology side.
You will participate in group wide programs and department’s initiatives for improving the risk position and control effectiveness of the department.
Assist in the improvement of existing processes and ways of working is key to the role, enabling consistent small gains to contribute to the evolution of our framework.
Provide support for automated application security tooling working with Cybersecurity as necessary
Interpret and advise on the results from security testing to both technical and non-technical audiences
Work collaboratively with the cybersecurity, IT service owners and control owners to drive and support the information security and cybersecurity risk management and remediation activities for the respective business.
Ensure all remediation actions are completed within agreed timelines and work with the appropriate stakeholders within the respective business/ service line to ensure adequate level of support and commitment is available to drive remediation.
Build and maintain collaboration spaces in Confluence. Modify / Update / Design JIRA Dashboards to be used in key decision-making meetings and reviews

Requirements

Essential Skillset/Experience

The 1st Line of Defence Risk & Control Associate will have previous experience with the operational risk management framework on an enterprise level or you are keen to learn about it and you come from a technical background.
You are an excellent communicator and are comfortable communicating to senior stakeholders and internal teams such as audit and are able to range up and down the detail depending on your audience.
Be well-organized, paying attention to detail and precision should be important to you.
You would be keen to achieve or already have industry recognised Information Security certificates (CRISC, CSX)
It would be useful for you to have an understanding of software development lifecycles and modern software delivery approaches such as continuous delivery.
You are comfortable with change and teams and technology and you are interested in simplifying and automating things.

If you’re 1st Line of Defence Risk & Control ready for your next challenge, we’d be keen to hear from you.

The role will be based in Sheffield and supports Hybrid working

Come Power a Business that Defines How to Power the World

HSBC is committed to being an inclusive employer and providing an inclusive and accessible recruitment process for all. We will provide reasonable adjustments to remove any disadvantage to you being considered for this role. We are proud members of the Disability Confident Scheme and will offer an interview to disabled candidates who meet the minimum criteria for the role. If you would like to receive any information in a different way or would like us to do anything differently to help you apply for our roles, please contact our Recruitment Helpdesk:

Email: [email protected]
Telephone: +44 2078328500.

Within the workplace you will have access to various employee resource groups which aim to promote and achieve a healthy work / life balance and support our diversity ambitions. HSBC has processes in place to avoid nepotism. This means we will avoid circumstances in which the appearance or possibility of conflicts of interest may exist within the hiring process.”

We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies.

As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Essential Skillset/Experience

The 1st Line of Defence Risk & Control Associate will have previous experience with the operational risk management framework on an enterprise level or you are keen to learn about it and you come from a technical background.
You are an excellent communicator and are comfortable communicating to senior stakeholders and internal teams such as audit and are able to range up and down the detail depending on your audience.
Be well-organized, paying attention to detail and precision should be important to you.
You would be keen to achieve or already have industry recognised Information Security certificates (CRISC, CSX)
It would be useful for you to have an understanding of software development lifecycles and modern software delivery approaches such as continuous delivery.
You are comfortable with change and teams and technology and you are interested in simplifying and automating things.