Cybersecurity - Third Party Security Review -Team Manager
Toluca-México [SPR] (Carmen) Bachelor's Degree Project / Product management
Job description
“HSBC is committed to building a culture where all employees are valued, respected and where their opinions count. We want to build a culture where our employees are comfortable in bringing their whole self to work, regardless of gender, age, sexuality, ethnicity, disability, religious belief, background, and any other aspect of personal difference.”
"HSBC employees are committed to act with courageous integrity and standing firm for what is right. We are reliable, open to different ideas and cultures and connected with customers, community, regulators and with each other."
Job Purpose
This job role is responsible for operating as part of a global/regional team within Cybersecurity to define and implement an industry leading Cybersecurity Service that supersedes our constantly changing information security threats. This role is accountable for direct management of a team and/or managing regional relationships.
This role will carry out some or all of the following activities:
· Collaborate with the Global, Regional and Country representatives of Technology plus other peer managers to implement the team’s goals within entity policy, expense and regulatory constraints.
· Lead and support peers within the Cybersecurity function to define and implement an industry leading Cybersecurity Service that supersedes our constantly changing information security threats.
· Ensure adherence to the three lines of defence organisational model with clear lines of responsibility, accountability and segregation of duties
· Ensure compliance with internal audit and external regulators that any organisational changes are fit for purpose and meet their expectations
· Contribute to the Sub-function/Region Cybersecurity strategy to secure the bank’s technology from the inside out, whilst maintaining, protecting and enhancing HSBC’s values, reputation and stakeholder value
· Contribute to the overall definition of responsibilities and accountabilities of Cybersecurity within HSBC and build a team which supports the Cybersecurity model and defined strategy
· Responsible for ensuring effective engagement with GB/GF/Regions
· Embeds best practice management and supports implementation of transformational change
· Management responsibility for a team, providing clear direction, setting performance targets of direct reports and contributes to employees’ professional development
· Build plans and budgets for respective team which identify value and cost reduction opportunities
Principal Accountabilities:
· Responsible for delivering the Third Party Service in line with the Global methodology to identify third party information security risks
· Provide line / functional management to Third Party Service team members
· Provide guidance for Third Party Security Review related enquiries
· Provision of MI / Reporting as required
· Ensuring good stakeholder engagement
· Working closely with Third Party Security Review colleagues in other geographies
· Support overall activities of Global Third Party Service, including any special initiatives / projects
· Owning and driving special projects
· Ensuring team and own adherence to global standard methodology, SLA’s, quality, templates and tools
· MI / Reporting (actual generation of reports or contribution to appropriate reports)
· May be required to deputise for Global Service Lead
Mentoring / Coaching / Guidance for other team members
Certifications, Qualifications & Experience
The ideal candidate for this position will have:
· Minimum Bachelor Degree and/or experience in operational processes or third party information security reviews in the Financial Services industry or global corporate service provider
· Background - desirable but NOT essential one or more; risk management, Audit, ISR, IT Security
· Previous Team / Line Management experience
· Qualifications - desirable but NOT essential one or more; ISO270001, CISA, CISM, CISSP, CRISC
· Availability to travel (if required) for this role, i.e. travel within country as well as occasional International travel
· Positive and professional attitude, team player, flexible and adaptable, open to change(s)
· Confident and takes responsibility and ownership for work and personal development
· Good spoken and written communication and ability to adapt style based on audience (Fluent in spoken / written English)
· Ability to communicate technical subject matter to non-technical stakeholders
· Previous experience of delivering an excellent customer service
· Ability to quickly develop good working relationships with stakeholders
· Ability and motivation to learn and pick things up quickly
This position requires an individual with:
· Have extensive experience with IT, cybersecurity best practices, risk assessment and/or security testing/ethical hacking
· be highly skilled in 1 or more Cybersecurity Domains.
· have a minimum 5-7 years in a Cybersecurity role
· have a minimum of 3 years leadership (projects, resource etc.)
· Ensuring that TPSR Service processes are engineered to address known and emerging threats, risks and regulations.
· Ensuring that strategic solutions for assessing, measuring and reporting on the Service are successfully implemented
Continually reassessing the operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology
Desired profile
Qualifications :
“HSBC is committed to building a culture where all employees are valued, respected and where their opinions count. We want to build a culture where our employees are comfortable in bringing their whole self to work, regardless of gender, age, sexuality, ethnicity, disability, religious belief, background, and any other aspect of personal difference.”
"HSBC employees are committed to act with courageous integrity and standing firm for what is right. We are reliable, open to different ideas and cultures and connected with customers, community, regulators and with each other."
Job Purpose
This job role is responsible for operating as part of a global/regional team within Cybersecurity to define and implement an industry leading Cybersecurity Service that supersedes our constantly changing information security threats. This role is accountable for direct management of a team and/or managing regional relationships.
This role will carry out some or all of the following activities:
· Collaborate with the Global, Regional and Country representatives of Technology plus other peer managers to implement the team’s goals within entity policy, expense and regulatory constraints.
· Lead and support peers within the Cybersecurity function to define and implement an industry leading Cybersecurity Service that supersedes our constantly changing information security threats.
· Ensure adherence to the three lines of defence organisational model with clear lines of responsibility, accountability and segregation of duties
· Ensure compliance with internal audit and external regulators that any organisational changes are fit for purpose and meet their expectations
· Contribute to the Sub-function/Region Cybersecurity strategy to secure the bank’s technology from the inside out, whilst maintaining, protecting and enhancing HSBC’s values, reputation and stakeholder value
· Contribute to the overall definition of responsibilities and accountabilities of Cybersecurity within HSBC and build a team which supports the Cybersecurity model and defined strategy
· Responsible for ensuring effective engagement with GB/GF/Regions
· Embeds best practice management and supports implementation of transformational change
· Management responsibility for a team, providing clear direction, setting performance targets of direct reports and contributes to employees’ professional development
· Build plans and budgets for respective team which identify value and cost reduction opportunities
Principal Accountabilities:
· Responsible for delivering the Third Party Service in line with the Global methodology to identify third party information security risks
· Provide line / functional management to Third Party Service team members
· Provide guidance for Third Party Security Review related enquiries
· Provision of MI / Reporting as required
· Ensuring good stakeholder engagement
· Working closely with Third Party Security Review colleagues in other geographies
· Support overall activities of Global Third Party Service, including any special initiatives / projects
· Owning and driving special projects
· Ensuring team and own adherence to global standard methodology, SLA’s, quality, templates and tools
· MI / Reporting (actual generation of reports or contribution to appropriate reports)
· May be required to deputise for Global Service Lead
Mentoring / Coaching / Guidance for other team members
Certifications, Qualifications & Experience
The ideal candidate for this position will have:
· Minimum Bachelor Degree and/or experience in operational processes or third party information security reviews in the Financial Services industry or global corporate service provider
· Background - desirable but NOT essential one or more; risk management, Audit, ISR, IT Security
· Previous Team / Line Management experience
· Qualifications - desirable but NOT essential one or more; ISO270001, CISA, CISM, CISSP, CRISC
· Availability to travel (if required) for this role, i.e. travel within country as well as occasional International travel
· Positive and professional attitude, team player, flexible and adaptable, open to change(s)
· Confident and takes responsibility and ownership for work and personal development
· Good spoken and written communication and ability to adapt style based on audience (Fluent in spoken / written English)
· Ability to communicate technical subject matter to non-technical stakeholders
· Previous experience of delivering an excellent customer service
· Ability to quickly develop good working relationships with stakeholders
· Ability and motivation to learn and pick things up quickly
This position requires an individual with:
· Have extensive experience with IT, cybersecurity best practices, risk assessment and/or security testing/ethical hacking
· be highly skilled in 1 or more Cybersecurity Domains.
· have a minimum 5-7 years in a Cybersecurity role
· have a minimum of 3 years leadership (projects, resource etc.)
· Ensuring that TPSR Service processes are engineered to address known and emerging threats, risks and regulations.
· Ensuring that strategic solutions for assessing, measuring and reporting on the Service are successfully implemented
Continually reassessing the operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology