US Chief Information Security Officer (CISO) and Global Payments Solutions (GPS)

About The Position

Requirements

• Experience in IT security governance and operational processes, preferably in the Financial Services industry or global corporate service provider
• Background – previous experience as a Chief Information Security Officer within the US Financial Services Industry (FSI) is required, including ownership of direct engagements with US FSI regulators (OCC, FRB); strong preference for candidates that have previously served this role at a sizeable ($100bn in assets or larger) firm. Previous experience providing briefings to Board of Directors is a must
• One or more industry recognized cybersecurity-related certifications required (as per Regional Regulatory Requirements) including ISO270001, CISA, CISM, CISSP, CRISC
• Availability to travel (if required) for this role, i.e. travel within country
• Positive and professional attitude, team player, flexible and adaptable, open to change(s)
• Confident and takes responsibility and ownership for work and personal development
• Excellent spoken and written communication and ability to adapt style based on audience (Fluent in spoken / written English)
• Ability to communicate technical subject matter to non-technical stakeholders
• Previous experience of delivering an excellent customer service
• Ability to quickly develop good working relationships with stakeholders and self motivation to learn and pick things up quickly

Nice To Haves

• Desirable but NOT essential is experience in one or more of risk management, Audit, ISR

Responsibilities

• Provide Information Security monitoring and risk reporting for the respective Country, ensuring all Cybersecurity related activities are executed with quality in a timely manner
• Support the Chief Operating Officer (COO), Chief Information Officer (CIO) and the Heads of Technology functions in the respective Country in the management of information security risks and the maintenance of an effective and robust information and cybersecurity control environment
• Leverage global reporting capabilities (augmented to meet specific local requirements) to provide monthly updates to drive Cybersecurity control improvement initiatives
• Own all Cybersecurity related activities for the respective Country regardless of which organization delivers that security service
• Work closely with the RISO to ensure all Region/Country requirements are provided to the Group cybersecurity team in order to drive prioritization and scope definition for these capabilities and programmers
• Track and report on business-critical Cybersecurity strategic transformation programs
• Represent Cybersecurity in relevant management and governance forums
• Align with existing governance structure and drive improvement for the effective management of information security and cybersecurity controls (both cyber owned and non-cyber owned) for the respective Region/Country
• Support the RISO to deliver the Global Cybersecurity strategy for respective Region/ Country following the Group Strategy with local requirements supported
• Support the RISO to build and manage local plans and budgets which identify value and cost reduction opportunities
• Promote Cybersecurity awareness and clear reporting of Region/ Country initiatives, threat intelligence, etc. to improve the overall perception of Cybersecurity as an enabler for business
• Understand the Country's critical assets, identify threats/ vulnerabilities and determine corresponding information security risk levels based on globally established control requirements and augmented by local or jurisdictional requirements
• Work collaboratively with the RISO to drive and support the information security and cybersecurity risk management and remediation activities for the respective Region/Country
• Align with Chief Compliance Officer (CCO), 2nd line, Chief Technology Officer (CTO), and local CIO teams to ensure security is developed by design and work to remediate issues identified, in a timely manner
• Facilitate understanding of cybersecurity risk by senior management in business and technology teams, to ensure informed decision-making while performing business. Ensure risk sits within defined appetite and ensure that this is cascaded up the RISO and CIO in a timely manner
• Work with stakeholders in respective Region/ Country to support the resolution / remediation of all major cybersecurity incidents and in partnership with Global Cybersecurity Operations (GCO) in the respective Region/Country
• Assess the impact of major incidents on respective Region/ Country; work with the RISO and the Global Cybersecurity service lines on action plans to minimize impact
• Work with the RISO and peers to meet common Region/ Country goals, linked to the risk framework i.e. operational risk simulations, incident exercises, cyber-enabled fraud collaboration, data security reporting, exceptional access and risk reviews of regional business initiatives
• Partner with the business to help them achieve their strategic objectives by ensuring that cybersecurity services provided are fit for purpose. Ensure business/ regional/ country strategies and requirements are incorporated within the cyber global investment/ transformation program
• Enable secure business transformation, including support of business led projects, divestitures, mergers and acquisitions within the respective Region/Country as applicable while ensuring that new capabilities and entities are set up securely and adopted efficiently in the respective Region
• Ensure adherence to cybersecurity controls and enable/ facilitate access to existing cybersecurity services to support the business strategy
• Determine and drive the respective requirements to be addressed by the local team members from the global security capabilities/services or central cybersecurity functions
• Support the RISO to oversee the implementation and gap assessments of global, regional and local initiatives for respective Region/Country
• Drive the management and reporting of regulatory compliance requirement for cybersecurity and information security controls in the respective region/ country by collaborating with Cybersecurity central functions
• Build and maintain strong relationships with relevant regional/ country associations, government agencies, forums etc. to represent HSBC's strategic direction with regard to legal and regulatory requirements
• Ensure adherence to the three lines of defense organizational model with clear lines of responsibility, accountability and segregation of duties
• Support the RISO in ensuring compliance with internal audit and external regulators that any organizational changes are fit-for-purpose and meet their expectations
• Face off to the region/country's legal entities for regulatory, audit and external security engagements
• Participate in Cybersecurity forums with industry peers and regional/ country regulators
• Provide review and attestation, as appropriate and where required (e.g., SWIFT attestation, SEC filings, etc.)
• Establish strong stakeholder relationships within the assigned Region/Country
• Entity management of local (within assigned Region/Country) Cybersecurity resources
• Ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organization
• Continually reassess the operational risks associated with the role and inherent in the business
• Ensure all actions take account of the likelihood of operational risk occurring
• Demonstrate adherence to all relevant internal procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators
• Implement the group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term 'compliance' embraces all relevant financial services laws, rules and codes with which the business must comply
• Adhere to all relevant processes/procedures and by liaising with compliance department about new business initiatives at the earliest opportunity. Also, when applicable, fostering a compliance culture and optimizing relations with regulators

Benefits

• As an HSBC employee, you will have access to tailored professional development opportunities to ensure you have the right skills for today and tomorrow. We offer a competitive pay and benefits package including a robust Wellness Hub, all in a welcoming and inclusive work environment. You will be empowered to drive HSBC’s engagement with the communities we serve through an industry-leading volunteerism policy, a generous matching gift program, and a comprehensive program of immersive Sustainability and Climate Change Initiatives. You’ll want to join our Employee Resource Groups as they play a central part in life at HSBC, including the development of our employees and networking inside and outside of HSBC. We value difference. We succeed together. We take responsibility. We get it done. And we want you to help us build the bank of the future!