Job description
role purpose
responsible for overseeing the management of all information security risk (isr) policies, processes and projects within their respective line of business to ensure that proportionate and effective information security controls are established and maintained.
principal accountabilities
* undertake information security consultation – this is undertaken on both an ad hoc and organised basis and is vital for ensuring that information security controls are appropriate to the line of business and any risks identified by the line of business can be considered in the broader regional/global context
* support the implementation of primary isr controls – this involves engaging with the implementation of several large isr projects including:
* training and awareness
* information classification
* securing information (storage, transfer, use, and disposal)
* secure email/email monitoring
* incident management
* end user computing (euc)
* remote working
* third party risk governance
* securing third party data transfers
* access management
* manage the secondary isr controls – this involves checking compliance with isr policy to ensure that physical and electronic information is appropriately secured throughout the information life-cycle (storage, transfer, use, and disposal).
autonomously identify and manage information security risks that are specific to their line of business/function in conjunction with direction from the chief information security officer (ciso – also referred to as ciro in some regions)
provide regular reporting to senior management and the regional isr structure on risk and project progress
engage business/department management to ensure ownership and remediation of internal/external audit and regulatory requirements pertaining to information security
participate in all relevant conferences and meetings with the regional isr structure
oversee and participate in the implementation of all relevant projects/initiatives emanating from the regional isr structure
assess whether business projects adhere to isr practices and take appropriate action to ensure remediation of any issue
- validate the design and operational effectiveness of key controls. Knowledge on framework methodology related to internal control assesment such as coso:
* validate the design and operating effectiveness of the key controls through inspection, inquiry, observation etc.
* document the control review on to ensure control assessments are accurate, effective, comply with procedures and templates, and meet quality control requirements.
* actively challenge poor, inefficient or excessive controls, related to the key controls of the function.
* perform an end-to-end process walkthrough, to identify the key controls of the process, and to know if they comply with local or global procedures.
requirements
* knowledge of information security trends and best practice (e.g. Gassp, iso27001, etc)
* knowledge of internal control trends and best practice (e.g. Coso, iso31000)
* previous experience in developing and implementing information security strategies and projects
* advance skills in office
* good english level
* familiarity with the information security sections of the operations and it fims
* excellent communication and interpersonal skills
* proven project and risk management capabilities with a focus on resolving complex problems
* effective team and matrix management skills in multi-cultural environments
* working knowledge of applicable security/risk concepts and methodologies
* working knowledge of the underlying technologies within hsbc
* well organised, autonomous and determined
hsbc is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., we consider all applications based on merit and suitability to the role.