Vice President - ASP IWPB Cybersecurity Intelligence and Technology and Resilience Risk

• Responsible for providing Technology & Cybersecurity risks and Third Party risks input to the business in support of their risk management activities, translating technical related aspects
• Group and IWPB IT owned remediation actions to non-technical business terms
• Supporting the business in ensuring that Technology & Cybersecurity risks and Third-Party risks in the RCAs are adequately understood, assessed, documented, gaps identified, and appropriate remedial actions agreed
• Ensuring the business understand which VH and H issues have a material impact to their business and support the business in developing and executing appropriate ICMPs
• Responsible for assisting the Business in the identification, documentation and resolution of Technology & Cybersecurity risks and Third-Party risks issues and control gaps
• Support the business with the implementation of Technology & Cybersecurity risks and Third-Party risks controls, through engagement with corresponding projects / programmes
• Responsible for providing Business and Senior management with a view of their Technology & Cybersecurity risks and Third-Party risks landscape through appropriate metrics and timely updates
• Furthermore, the role is required to work with senior management to articulate their risk appetite and address key strategic risks, as well as to ensure that senior ASP IWPB stakeholders have appropriate visibility to the risks
• The role holder should ensure appropriate challenge of ASP IWPB when risk appetites are breached
• The role is required to monitor Technology & Cybersecurity risks and Third-Party risks, controls, policies and standards to validate control effectiveness
• Moreover, undertaking deep dives of related risk issues and monitoring timely resolutions including the capability to detect, respond and recover from incidents are needed
• Responsible for engaging with Global Resilience Risk and other 2LoDs functions, responding to 2LoDs requests and ensuring 2LoDs observations are understood where required remediation plans are in place
• Responsible for engaging with key supporting functions within the 1LoDs & 2LoDs to develop and define a strategic direction, including defining risk appetites across ASP IWPB, understanding, and addressing the business needs & expectations, and expressing these using Risk Indicators
• Also, collaborating with other stakeholders to support IWPB on a global and regional basis, drive consistency and high standards, in line with HSBC’s values and behaviors, and ensure that IWPB lead remediation impacting ASP is understood and ASP IWPB responds appropriately
• Responsible for maintaining a culture of Technology & Cybersecurity risks and Third-Party risks awareness & good conduct through supporting regular risk communications, awareness and training by engaging knowledgeable Department BIRO network
• Accountable for developing and maintaining where required an engaged and active network of ASP IWPB Markets CITROs and BIRO’s, ensuring CITRO/BIRO responsibilities are performed as documented in the global BIRO SOP
• Ensure staff across ASP IWPB markets are aware of the relevant Information, Systems and Data policies, and provide advice and guidance on how to facilitate compliance
• Strategy / Vision - Be able to define and implement a vision and strategy for risk capability across ASP IWPB and communicate to key stakeholders and get their buy-in
• Influence - Have significant gravitas that will be obvious to all engaged teams of HSBC, which will enable face off to senior management and DBS/IT stakeholders in order to win their confidence and help influence their decisions
• Must be able to engage with senior business leaders, CROs, COOs, R&Cs, BIROs, and board level management
• Communication - Have excellent communication skills to be able to build relationships with key internal & external stakeholders and be able to sell a strategy and vision

• Work Experience: Risk Management (5 years +)
• Have an advanced level and extensive amount of IT, Information Security Risk and Cyber Risk Management knowledge to face off appropriately to the different risk managers in the Group and external parties
• Overall work experience preferably more than 10 years
• HSBC Knowledge – A detailed understanding of HSBC and how it works including people, process, and technology
• Business Knowledge – Knowledge of all major areas of a Global Banking and Financial Services organization
• Preferable IWPB experience / understanding
• Ability to represent the interest and concern of IWPB
• Technology Knowledge – Advanced level of understanding of diverse technology including infrastructure, network, and applications
• Experience in large enterprise systems development lifecycle
• Expert level of understanding of fundamental information security controls, principles, and technology
• Transformation - A very strong change delivery track record in large global organizations
• Demonstrated record of delivering programmes
• Span of Control - A proven track record of managing large complex areas in terms of operations, processes, headcount and budget
• Location – Willing to travel internationally to manage global / regional responsibilities
• Style - A change agent who is not afraid to change the status quo in order to drive Group strategy with the discipline to recognize when existing people, process and technology can fulfil business needs
• A self-starter and ability to lead the markets to deliver the expected outcome
• Academics: Minimum Bachelor of Sciences or Engineering university degree is preferable
• Language: Must have business English fluency
• Another major world language considered a plus

Another major world language

• Continuous professional development
• Flexible working
• Opportunities to grow within an inclusive and diverse environment