Information Security Risk Assurance Lead Reviewer

  • Negotiable
  • Edinburgh, Scotland, United Kingdom
  • Permanent, Full time
  • HSBC Bank plc
  • 19 Jul 2018

Global Risk is a thriving and expert risk management function supporting HSBC globally with all aspects of risk management.

The team actively manages a varied and dynamic range of risk types, including security, fraud, information security, contingency, geopolitical, operational, credit, pension, insurance, financial crime and regulatory compliance, market and reputation risks. All parts of the Global Risk team use their skills, insight and integrity to handle established threats and those they see emerging, acting to protect and enable HSBC to deliver sustainable growth.

We are currently seeking an ambitious individual to join our Global Risk team, working together with colleagues to define, manage and achieve divisional business targets.

In this role, you will:

  • Conduct Assurance Reviews of Information Security Risk in business areas and within Information Security Risk
  • Provide an assessment of information security control effectiveness and possible improvements
  • Track and assess remediation of review findings
  • Undertake pre-assurance data gathering activities
  • Develop techniques to improve the quality or ease of data gathering
  • Liaise with interested parties including Audit, and other 2LoD functions external to ISR such as Operational Risk
  • Advise on and support GB/GF work to remediate findings and improve information security controls
  • Work with the relevant SMEs to ensure that Assurance Reviews cover all aspects of Information Security Risk
  • Work with Risk Analysis to understand how metrics can be improved and production regularised
  • Collaborate effectively with SMEs from a number of different ISR teams to deliver an effective Assurance Review
  • Work as part of virtual Assurance Review teams as either a Lead Reviewer or Assurance Analyst as required
  • Support the global Assurance Review process through collaboration with colleagues around the world and sharing best practice
  • Make suggestions on improvements to assurance review processes

To be successful in the role, you should meet the following requirements:

  • Minimum Bachelor Degree and/or related experience in the Financial Services industry or global corporate service provider
  • The role requires a good knowledge of Information Security Risk policies, standards and controls
  • Should possess strong analytical skills to undertake analysis and interpretation of information risk related data for the area under review and to analyse the responses and information supplied by the 1LoD Representative(s) during the review
  • Have the ability to assess the effective application of information security controls in GBs/GFs by the first line of defence
  • Have experience of dealing with senior management across Global Businesses and Functions
  • Experience working in relevant environment/s, i.e. Information Security, IT Operations, Software Delivery, IT Audit, or Risk
  • Able to explain information security risks clearly and in non-technical language to the business and how these apply to them
  • Have knowledge of ISR's role within the three lines of defence and the Operational Risk framework
  • Able to assess the design effectiveness and operational effectiveness of information risk related controls in Risk & Control Assessments (RCAs) and Internal Control Monitoring Plans (ICMPs)
  • When required, be able to provide advice to areas that have been reviewed on how to address any identified information security weaknesses
  • Have an understanding of the Operational Risk framework, in particular RCAs, ICMPs and issue and incident management
  • Have a strong knowledge of the Business Information Risk Officer (BIRO) and Business Risk & Control Monitoring (BRCM) programmes and what the responsibilities of BIROs and BRCMs are in relation to Information risk
  • Good technical writing skills to allow the results of assurance reviews to be presented clearly, concisely and consistently
  • Able to build connections and work effectively with a virtual team of people across boundaries working on global assurance reviews
  • When required, able to escalate issues appropriately in order to ensure that remedial action is taken by areas that have been reviewed to address any weaknesses identified
  • Able to work effectively with other areas outside of ISR such as Audit and other second line of defence areas, especially Operational Risk
  • Need to have strong interpersonal skills to build and maintain relationships with a wide range of people during the assurance review process, even when conveying difficult messages
  • Have a flexible and adaptable approach to change and support others to respond in a similar way
  • A flexible and adaptable management style with experience of developing yourself and others
  • Professional Security Qualifications such as CISA, CISM, CRISC - preferable

For further details and application information please visit our careers site, searching under reference number 0000AZY5

You'll achieve more when you join HSBC.

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Issued by The Hong Kong and Shanghai Banking Corporation Limited.