Job descriptionRole PurposeResponsible for overseeing the management of all Information Security Risk (ISR) policies, processes and projects within their respective line of business to ensure that proportionate and effective information security controls are established and maintained.Principal AccountabilitiesUndertake Information Security consultation – This is undertaken on both an ad hoc and organised basis and is vital for ensuring that information security controls are appropriate to the line of business and any risks identified by the line of business can be considered in the broader regional/global contextSupport the implementation of primary ISR controls – This involves engaging with the implementation of several large ISR projects including:Training and AwarenessInformation ClassificationSecuring Information (Storage, Transfer, Use, and Disposal)Secure Email/Email MonitoringIncident ManagementEnd User Computing (EUC)Remote WorkingThird Party Risk GovernanceSecuring Third Party Data TransfersAccess ManagementManage the secondary ISR controls – This involves checking compliance with ISR policy to ensure that physical and electronic information is appropriately secured throughout the information life-cycle (storage, transfer, use, and disposal).
Autonomously identify and manage information security risks that are specific to their line of business/function in conjunction with direction from the Chief Information Security Officer (CISO – also referred to as CIRO in some regions)Provide regular reporting to senior management and the regional ISR structure on risk and project progressEngage business/department management to ensure ownership and remediation of internal/external audit and regulatory requirements pertaining to information securityParticipate in all relevant conferences and meetings with the regional ISR structureOversee and participate in the implementation of all relevant projects/initiatives emanating from the regional ISR structureAssess whether business projects adhere to ISR practices and take appropriate action to ensure remediation of any issue- Validate the design and operational effectiveness of key controls.
Knowledge on framework methodology related to Internal Control assesment such as COSO:Validate the design and operating effectiveness of the key controls through inspection, inquiry, observation etc.Document the control review on to ensure control assessments are accurate, effective, comply with procedures and templates, and meet quality control requirements.Actively challenge poor, inefficient or excessive controls, related to the key controls of the function.Perform an end-to-end process walkthrough, to identify the key controls of the process, and to know if they comply with local or global procedures.RequirementsKnowledge of information security trends and best practice (e.g. GASSP, ISO27001, etc)Knowledge of internal control trends and best practice (e.g. COSO, ISO31000)Previous experience in developing and implementing information security strategies and projectsAdvance skills in OfficeGood English levelFamiliarity with the Information Security sections of the Operations and IT FIMsExcellent communication and interpersonal skillsProven project and risk management capabilities with a focus on resolving complex problemsEffective team and matrix management skills in multi-cultural environmentsWorking knowledge of applicable security/risk concepts and methodologiesWorking knowledge of the underlying technologies within HSBCWell organised, autonomous and determinedHSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count.
We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment.
We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.
📌 Advisor - Business Risk & Control Management
🏢 Hsbc
📍 Cuauhtémoc