Country Cybersecurity Engagement and Governance Manager
Some careers prize diversity more than others.
If you're looking for a role where you will continue to be respected as an individual and valued for the contributions you make, remember how diversity drives success right here at HSBC.
Operations, Services and Technology is a pivotal part of the Group, providing essential operational and technical support to our global businesses and helping improve customer service and efficiency. Operations, Services and Technology combines global expertise and technology to help keep us ahead of the competition.
We are currently seeking an experienced professional to join our team in the role of Country Cybersecurity Engagement and Governance (GCB4).
Cybersecurity is responsible to enable businesses and functions to manage their Cyber security risks. Ensuring risk and controls are assessed and implemented appropriately, objectively and independently through professional and specialized subject matter experts.
This is a senior role within the regional Cybersecurity function and supports the Regional Head of Cybersecurity to deliver the overall goals of the Cybersecurity department and specifically for their country.
Specific responsibility for leading Cybersecurity activities in country, including but not limited to; primary point of contact to represent the Cybersecurity team for local business, technology and risk stakeholders. Responsible to build, record, maintain and improve the country cyber risk and control posture in line with global standards and technology supporting local language requirements (where required). Primary Responsibilities
- Well aware of current and emerging technology risks affecting the industry which could potentially affect HSBC's risk profile
- Ensuring information assets and technologies are adequately protected, which includes:
- Formulating and facilitating effective implementation of TRMF and CRF
- Enforcing compliance with these frameworks and other technology related regulatory requirements
- Providing strategic insights on technology risk and security matters as well as HSBC's technology security risk profile to senior management
- Regulatory engagement and Cyber governance:
- Represent the HSBC countries legal entities for regulatory, audit and external security engagements (where required)
- Manage any local regulation or certification work (queries, surveys, questionnaires, assessments)
- Proactive awareness of Cybersecurity in-country regulatory requirements
- Establish local Cybersecurity governance meeting to proactively drive audit, regulatory and other issues
- Work with local IT to drive, track, monitor and close Cybersecurity control gaps
- Educate and inform in-country personnel of Cybersecurity risks and appropriate controls
- Demonstrate the attitude and culture expected from a global organisation and HSBC's Values (Open, Depdendable and Connected)
- Remit is management of all Malaysia Cybersecurity Leadership and direction.
- Matrix management of in country Cybersecurity resources (where applicable)
- Establish in-country stakeholder relationships i.e. relevant technology teams; business management; regulatory compliance; risk management; third party management.
- Determine countries risk prioritisation, remediation requirements and overall Cybersecurity posture.
- Promote Cyber awareness, clear reporting i.e. of global / regional inititatives; threat intelligence etc.
- Participate in the community of Cybersecurity globally and regionally to ensure regional consistency, best practices etc. for Cybersecurity and Risk management
- Ensuring adherence to global standard methodology, SLA's, quality, templates and tools.
- Determine and drive country nuances/requirements to be addressed by the in-country global security capabilities / services teams.
- Overseeing country implemention and gap assessments of global, regional and local initiatives.
- Owning and driving special projects and complex initiatives aligned to industry best practices.
- Maintain country cyber reporting and schedules (KRI's, KPI's, testing) as required by the function and/or regulators.
- Participate in Cybersecurity forums with industry peers.
- Mentoring / Coaching / Guidance for other team members
- Entity reporting to Country Chief Admin Officer and functional reporting to Regional Head of Cybersecurity
- Minimum Bachelor Degree and/or experience in IT security governance and operational processes, preferably in the Financial Services industry or global corporate service provider
- Background - desirable but NOT essential one or more; project management, risk management, Audit, Information Security
- Qualifications - essential one or more; ISO270001, CISA, CISM, CISSP, CRISC
- Availability to travel (if required) for this role, i.e. travel within country as well as occasional International travel
- Positive and professional attitude, team player, flexible and adaptable, open to change(s)
- Confident and takes responsibility and ownership for work and personal development
- Good spoken and written communication and ability to adapt style based on audience (Fluent in spoken / written English and Chinese)
- Ability to communicate technical subject matter to non-technical stakeholders
- Previous experience of delivering an excellent customer service
- Ability to quickly develop good working relationships with stakeholders
- Ability and self motivation to learn and pick things up quickly