Chief Information Security Officer International Markets

Some careers have more impact than others.

If you're looking for a career where you can make a real impression, join HSBC and discover how valued you'll be. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Our GCIO organisation plays a critical role for the bank. This team partners with the businesses to build the platforms, systems, and products that our customers use every day. We keep people's money and data safe, and are at the forefront of driving innovation for our businesses, customers, and colleagues. Within GCIO, our cybersecurity team designs, implements and operates control to manage risk. This team helps define our group cyber security standards, oversee the security of our network, applications and infrastructure, provide round-the-clock monitoring and security incident response services.

We are currently seeking an experienced professional to join our team in the role of Chief Information Security Officer International Markets

Role Purpose

The Chief Information Security Officer (CISO) International Markets is responsible for the execution and continuous improvement of a best-in-class, Cybersecurity capability across business and all market jurisdictions under International Markets it is responsible for as well as operates within. The role involves translation of highly technical Cybersecurity concepts into consumable language, in order to drive continuous assessment of cybersecurity and information risk in light of established risk appetites and a constantly evolving cyber-threat landscape.

The business in International Markets is complex from a cybersecurity perspective and requires a senior experienced leader, due to the multiple legal entity structure across International Markets and the significant number of regulatory bodies and cyber-security expectations across the different markets. In addition, in line with the Bank's growth strategy in this business area, we need to ensure the business and technology teams maintain the appropriate risk and control standards alongside customer growth.

The CISO International Markets reports to the Asia & Middle East CISO; and will support the CIOs for International Markets (Indonesia, Taiwan, Bangladesh, South Korea, Japan, Thailand, Philippines, Vietnam, Sri Lanka and Mauritius).

Principal Accountabilities:

• The CISO International Markets assists with definition of the global Cybersecurity strategy and ensures its execution through International Markets and Globally-led programmes that provide adequate, embedded, and effective protection of the firm's information and technology assets. To achieve these goals, the CISO International Markets must possess significant senior executive management experience delivering a best-in-class cybersecurity practice in large and complex, multinational organizations. In addition, the CISO International Markets will be required to represent evidence that demonstrates control and operational effectiveness within International Markets to various Board-level committees as well as applicable financial services regulators in the markets the function operates within.
• The role holder will:
• Possess an entrepreneurial approach solving complex information and cybersecurity challenges, strong visionary leadership and communication skills, coupled with deep domain knowledge of information and cybersecurity best practices, experience of embedding these within an organization, and be able to drive a security-first culture across all aspects of the assigned business and market
• Manage stakeholders including the International Markets CIO, Market/Entity Board(s), COO(s) and CEO(s) as well as with Cybersecurity Leadership and staff, and external bodies. These include key regulators which apply International Markets and its associated jurisdiction(s).
• Ensure appropriate oversight mechanisms and high standards of internal control, to ensure the identification of emerging threats in the Cybersecurity landscape are in place.
• Provide International Markets ownership and implement Cybersecurity best practice, standards and governance frameworks, mapping and adjusting controls to the evolving Cyber threat landscape. The position enhances operational controls, ensuring appropriate tools, Cybersecurity frameworks are adopted, assigned to and owned by stakeholders across International Markets.
• Act as a single point of contact for Cybersecurity risk reporting to relevant Board(s), Committees, and other governance forums, as appropriate
• Drive customer focus, leading a customer-centered culture, championing activities encouraging outstanding customer advocacy. Proactively seeks opportunities to maximise Cybersecurity strategy to improve International Markets operations
• Set the tone and direction of International Markets' Information and Cybersecurity practices and assist with definition of global Cybersecurity standards across the entire HSBC Group to proactively increase Cybersecurity awareness, ownership and Cyber risk reduction
• Focus on First Line of Defence activities in International Markets across Identify, Protect, Detect, and Respond pillars of the NIST Framework
• Ensure continuous assessment and improvement of the control environment relative to the evolving Cyber threat landscape
• Work with stakeholders in International Markets to support the resolution / remediation of security incidents
• Drive continuous engagement with International Markets senior executive management (such as COOs and CEOs) to provide expert knowledge that influences how to best manage information and cybersecurity risk exposure within business risk appetite, which will impact on their wider organisations
• Manage and mentor cyber business integration teams (strategy, regulatory, governance, consulting and delivery). Encourage an enterprise mindset for team members to support and benefit the wider AME region.

Requirements

Essential Experience:

• Technical Experience: Significant, industry leading subject matter expertise in Cybersecurity together with a broad technology and risk management experience. This includes but is not limited to cybersecurity control design and implementation, operational process and incident response.
• Stakeholder Management: Extensive leadership experience within fast-moving, complex and demanding corporate environments where Cybersecurity issues have to be handled on a large scale. Experience managing board level stakeholders and of direct regulatory engagement.
• Leadership: Experience of having led international projects/initiatives with a team of Cybersecurity professionals, raising standards within the function and improving the profile of Cybersecurity across a large, complex, international organisation. Ability to motivate people and transform the function into a world-class Cybersecurity organisation

Essential Capabilities:

• Business Insight & Decision Quality: Applying knowledge of business and the market to making good and timely decisions that keeps the organization moving forward.
• Strategic Mindset: Seeing ahead to future possibilities and translating them into breakthrough strategies.
• Action Oriented: Taking on new opportunities and tough challenges with a sense of urgency, high energy, and enthusiasm.
• Builds Effective Teams: Building strong-identity teams that apply their diverse skills and perspectives to achieve common goals.
• Persuasion & Conviction: Using compelling arguments to gain the support and commitment of others; stepping up to address difficult issues and saying what needs to be said.
• Manages Ambiguity & Ensures Accountability: Operating effectively, even when things are not certain, or the way forward is not clear; holds self and others accountable to meet commitments.

Knowledge, Qualifications & Experience

• Minimum of 15 years of experience in a combination of risk management, cyber security and IT job roles
• Bachelor's degree in technology-related field or equivalent experience
• Professional security management certification (e.g. CISSP, CISM, CISA, CRISC etc)
• Knowledge of common information security management frameworks and best practices (e.g. ISO/IEC 27001, GASSP, NIST etc)
• Excellent written and verbal communication skills and the ability to influence senior executives
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
• Proficiency in multiple technical disciplines and applicable security/risk concepts and methodologies
• Previous experience in developing and implementing information security strategies and projects
• Availability to travel (if required) for this role, i.e. travel within country as well as occasional international travel
• Ability to communicate technical subject matter to non-technical stakeholders
• Ability to quickly develop good working relationships with stakeholders

Opening up a world of opportunity
http://www.hsbc.com/careers

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Issued by The Hongkong and Shanghai Banking Corporation Limited.