Some careers have more impact than others.
If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.
We are currently seeking an experienced professional to join our team in the role of Senior IT Security Analyst
Business: Cybersecurity
Principal responsibilities
Customers / Stakeholders
• Report progress and identify and raise any issues/risks, escalating asappropriate to enable satisfactory resolution.
• Build trusting relationships with stakeholders by consistently meeting anddelivering upon their business needs; demonstrating and being respected for
your domain knowledge.
• Deliver fair outcomes for our customers and ensure own conduct maintainsthe orderly and transparent operation of financial markets.
Those stakeholders include:
Supplier management analysts
Project managers from IT or the business
Cryptography Operations and Cybersecurity Global Defense leadership
Leadership Teamwork
Support peers who deliver and maintain the bank’s encryption technologyand the projects consuming the services by understanding their needs and
delivering to them.
Ensuring that work happens according to schedule and with minimaldeviation from process.
Ensuring that best practices are implemented and help the organisationmeet its own and external standards.
Develop and contribute in crypto knowledge objects, procedures, andstandard review.
Operational Effectiveness Control:
Act transparently in line with all appropriate standards.
Ensure that the appropriate internal and external standards are complied withand that the risk of cryptographic compromise is minimized at all times.
Liaise with the cryptography team’s internal control function.
Design, implement and maintain internal controls regarding cryptoinfrastructure and key management.
Plan and execute on project to improve the operational effectiveness
The jobholder will ensure the fair treatment of our customers is at the heart of everything we do, both personallyand as an organisation.
This will be achieved by consistently displaying the behaviours that form part of the HSBC Values and culture andadhering to HSBC risk policies and procedures, including notification and escalation of any concerns and takingrequired action in relation to points raised by audit and/or external regulators.
The jobholder is responsible for managing and mitigating operational risks in their day to day operations. Inexecuting these responsibilities, the Group has adopted risk management and internal control structure referredto as the ‘Three Lines of Defence’. The jobholder should ensure they understand their position within the ThreeLines of Defence, and act accordingly in line with operational risk policy, escalating in a timely manner where theyare unsure of actions required.
Through the implementation the Global AML, Sanctions and ABC Policies, supporting Guidance, and Line ofBusiness Procedures the jobholder will make informed decisions in accordance with the core principles ofHSBC's Financial Crime Risk Appetite.
The following statement is only for roles with core responsibilities in Operational Risk Management (Risk Owner,Control Owner, Risk Steward, BRCM, and Operational Risk Function
The jobholder has responsibility for overseeing and ensuring that Operational risks are managed in accordancewith the Group Standards Manual, Risk FIM, relevant guidelines standards. The jobholder should complywith the detailed expectations and responsibilities for their core role in operational risk management throughensuring all actions take account of operational risks, and through using the Operational Risk ManagementFramework appropriately to manage those risks.
This will be achieved by:
• Continuously reassessing risks associated with the role and inherent in the business, taking account ofchanging economic or market conditions, legal and regulatory requirements, operating procedures and practices,management restructurings, and the impact of new technology.
• Ensuring all actions take account of the likelihood of operational risk occurring, addressing areas of concern inconjunction with Risk and relevant line colleagues, and also by ensuring that actions resulting from points raisedby internal or external audits, and external regulators, are correctly implemented in a timely fashion.