*Role purpose*
The CCS Internal Control Advisor is responsible for agreeing timing and frequency, type of monitoring, sample sizes and locations to review end-to-end collateral & appraisals processes should assess and oversee the on a periodic basis. Any issues should be identified and reported to the monthly RTB governance meetings, and all cases which have crossed the defined collateral perfection timelines must be highlighted by him to the governance meetings (global & local) and other appropriate governance forums/committees to ensure that the process is accurate.
The BIRO is responsible for assisting the business in providing assurance to management that all information security risk (ISR) policies, controls, processes and projects within their respective line of business have been implemented, and for ensuring that proportionate and effective information security controls are established and maintained.
*Principal accountabilities and responsibilities*
- Preparing an internal control plan ('ICMP') that captures all business and all material risks and key controls as described for collateral perfection and appraisals.
- Oversight and challenge of procedures produced by line management.
- Identifying emerging risk issues and associated controls through control testing activity.
- Reporting risk issues, control monitoring and performance data to local management and committees.
- Ensure the incident management process is complete, accurate, and timely; record incidents in Helios, adhering to thresholds and escalation (as appropriate).
- Undertake information security consultation: when required by the business, the BIRO function can operate in a consultancy capacity for information security risks. This is undertaken on both an ad hoc and organized basis and is vital for ensuring that information security controls are appropriate to the line of business and in line with the business's risk appetite. Any risks identified by the line of business can be considered in the broader regional/global context.
- Support the implementation of primary ISR controls: this may also involve engaging with the implementation of ISR projects/programs as outlined in the BIRO standard operating procedures, including:
1. Training and awareness
2. Information classification
3. Securing information (storage, transfer, use, and disposal)
5. Incident management/data leakage prevention
6. End user computing (EUC)
7. Third party risk governance
8. Securing third party data transfers
- Master your understanding of and execute the BRCM process in line with global procedures, including:
- Oversight and challenge of procedures produced by line management.
- Identifying emerging risk issues and associated controls through control testing activity.
*Requirements*:
*Functional knowledge*
- Negotiation: high
- Leadership: high
- Operational risk knowledge: high
- Microsoft Office knowledge (Word, Excel, PowerPoint, Visio and Project): high
- Project management: high
- Analysis and understanding of processes: high
- Verbal ability: high
- Handling conflicts: high
- Basic finance knowledge: low
At HSBC we are committed to building a culture where all employees and customers are valued regardless of gender, age, sexual orientation, ethnicity, disability, religious belief, background or any other different personal aspect.
We at HSBC act with integrity and courage, standing firm on what is right. We are reliable, open to different ideas and cultures, and connected with customers, the community, regulators and each other.