Job description
Job Title: Regional Information Security Officer
Big Bank Funding. FinTech Thinking.
Our technology teams in the UK work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.
Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and programme managers.
Role Description:
The RISO role is accountable for leading the Cybersecurity function, part of the 1LOD (1st line of defense), in the designated Region, to define and implement an industry-leading Cybersecurity Service that supersedes the Bank’s constantly changing information security threats. In addition, the role acts as the single point of contact for managing Information and Cybersecurity risks and controls (including cyber owned and non-cyber owned controls), relating to their governance, operation, monitoring and reporting.
The RISO role reports into the Global Head of Cybersecurity Business Enablement, which in turn reports into the Group CISO for HSBC. At an entity level the role reports to the Regional Chief Information Officer, who in turn reports to the Regional Chief Operating Officer.
Responsibilities:
- Act as a single point of contact for Information Security monitoring and risk reporting for the respective Region.
  - Support the COO, CIO and the Heads of Technology functions in the respective regions in the management of information security risks and the maintenance of an effective and robust information and cybersecurity control environment.
  - Leverage the global reporting capabilities (augmented to meet specific local requirements) to provide monthly updates to drive Cybersecurity control improvement initiatives.
  - Own all Cybersecurity related activities for respective Region regardless of which organisation delivers that security service.
  - Provide the Group cybersecurity team with the respective Regional requirements to drive prioritisation and scope definition for these capabilities and programmes.
- Align with existing governance structure and drive improvement for the effective management of information security and cybersecurity controls (both cyber owned and non-cyber owned) for the respective Region.
- Deliver the Global Cybersecurity strategy for respective Region following the Group Strategy with local requirements supported.
- Responsible for understanding the risk in the region. Understand the region’s critical assets, identify threats/vulnerabilities and determine corresponding information security risk levels based on globally established control requirements and augmented by local or jurisdictional requirements.
- Partner with the business to help them achieve their strategic objectives by ensuring that cybersecurity services provided are fit for purpose. Understand business/regional strategies and requirements and ensure business requirements are incorporated within the cyber global investment/transformation programme.
- Experience in IT security governance and operational processes, preferably in the Financial Services industry or global corporate service provider
- Background – desirable but NOT essential experience in one or more of risk management, Audit, ISR
- Qualifications – one or more industry-recognised cybersecurity-related certifications required (as per Regional Regulatory Requirements) including ISO27001, CISA, CISM, CISSP, CRISC
- Availability to travel (if required) for this role, i.e. travel within country as well as occasional International travel
- Positive and professional attitude, team player, flexible and adaptable, open to change(s)
- Confident and takes responsibility and ownership for work and personal development
- Good spoken and written communication and ability to adapt style based on audience (Fluent in spoken / written English)
- Ability to communicate technical subject matter to non-technical stakeholders
- Previous experience of delivering an excellent customer service
- Ability to quickly develop good working relationships with stakeholders
- Ability and self-motivation to learn and pick things up quickly
The role will be based in London but some travel may be required. This role supports Hybrid working.
Come Power a Business that Defines How to Power the World
HSBC is committed to being an inclusive employer and providing an inclusive and accessible recruitment process for all. We will provide reasonable adjustments to remove any disadvantage to you being considered for this role. We are proud members of the Disability Confident Scheme, and will offer an interview to disabled candidates who meet the minimum criteria for the role. If you would like to receive any information in a different way or would like us to do anything differently to help you