If you’re looking for a career where you can make a real impression, join Global Service Center (GSC) HSBC and discover how valued you’ll be. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.
We are currently seeking an experienced professional to join our team in the role of Third Party Security Assessment – SME.
Role Purpose:
Cybersecurity is responsible for enabling businesses and functions to manage their information, technology, and cybersecurity risks by ensuring these are well understood, and that the controls used to manage such events are defined, assessed and implemented appropriately. Cybersecurity predominantly delivers this via objective, independent, professional and specialized subject matter experts. The role forms part of the 1LoD in relation to the risk management framework.
The Cybersecurity Assessment and Testing (CSAT) function, part of Cybersecurity, is accountable for Vulnerability Management, Secure Development (inc. DevSecOps), Threat and Controls Assessment (inc. threat modelling) and Third-Party Security Assessment. The function drives the identification, capture, assessment, testing/verification and ultimately the remediation of security defects, gaps, and vulnerabilities across HSBC’s estate in concert with business and technology teams – on-premises, within the Cloud and for those resulting from 3rd party engagements.
Main Activities:
The Cybersecurity SME will work on Third Party Security Risk assessments, which may involve proof of concept, complex and multiple services, or very high- or high-risk vendors. This includes, but is not limited to:
Develop as an SME and help to inform wider embedding and training on new process flows and products used in TPSA.
Support Control Officers, Risk Stewards, Internal and External Audit, and Regulators with any relevant reviews, examinations, and information requests.
As a Consultant/SME within both CSAT and Cybersecurity, the role-holder will be expected to contribute to, be an ambassador for, and to drive delivery of the cybersecurity strategy.
The role functionally reports into the Regional Head of Third-Party Security Assessment with functional accountability to the US for assessments assigned.
The candidate will be able to demonstrate strong knowledge and collaboration abilities; communication in business English – both in verbal and written form; an obsession for delivering high-quality outcomes, whilst often under pressure/at pace; constant curiosity and drive to ensure repeatable outcomes are more effectively achieved.
The role holder may be required to engage with senior stakeholders including Technology and Cybersecurity leadership in regions; stakeholders across all lines of defence: Chief Controls Office Technology, 2LoD Resilience Risk and 3LoD Internal Audit teams, and will be required to support regulatory examinations.