Cybersecurity Governance Risk and Compliance Lead

**Job Title: Governance, Risk and Compliance Lead**

**Big Bank Funding. FinTech Thinking.**

***

Our technology teams in the UK work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world, to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.

Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and programme managers.

**Role Description**:
The Cybersecurity Governance Risk and Compliance Lead for the region is charged with protecting the HSBC brand, shareholder value, information assets and financial assets within the respective region through their support to the Head of Cybersecurity Regulatory Compliance & Remediation.

**Responsibilities**:

- Develop and maintain strong relationships with the Regional Information Security Officer (RISO) to identify and ensure regional/country specific legal and regulatory requirements are met.
- Maintain oversight of the regional risk profile, appetite, incidents and control effectiveness and provide robust risk challenge to the same audience when cyber security risk appetites are breached.
- Work with the overall Regulatory Compliance team who provide centralized reporting (including KPI/KRI/KCI’s) to support the regional reporting into regulators and other internal and external stakeholders with regards to the Group’s risk appetite and control effectiveness.
- Drive an effective engagement and governance process across the region that is demonstrably adding value to all target stakeholders.
- Work with the Cybersecurity Communications & Training team to ensure that cyber related training and awareness has been delivered for all relevant Regional stakeholders.
- Provide oversight and delivery of metrics and reporting in to the relevant regional governance committees.
- Provide oversight and support regional stakeholders in managing regulatory compliance requirements across major markets driving a response to regulatory enquiries and exams.
- Provide regional input into the definition of security standards based on policies defined by the ORR function, lead the Cyber Security Agenda and oversee effectiveness of controls to ensure regional compliance with policies and standards across the region.
- Coordinate regional responses to Third Party / Client questionnaires and enquiries received by HSBC.
- Work with the Regional Information Security Officer (RISO) to:

- Proactively track, challenge and drive to closure all Cybersecurity owned issues (i.e. audits, MSII’s) and maintain oversight of Cyber Security’s control environment within the region
- Proactively manage the gaps identified during security testing activities through established governance to drive remediation of gaps and track to closure

Requirements

**Essential Skillset/Experience**:

- Typically educated to degree level, within IT and Risk. Industry qualifications (CISSP, CISA, CISM).
- Experience in Governance, Risk and Compliance.
- Regulatory engagement, experience in dealing with compliance matters, and regulatory liaison.
- Knowledge of Cyber regulatory requirements in region/globally.
- Experience in Technology and Cyber Security Frameworks, e.g. NIST.
- Ability to build strong relationships and communicate on complex issues with a wide spectrum of stakeholders.
- Understanding of business finance and experience of effective management of budgets and expenditure.
- Comprehensive understanding of banking and security in context of wider industry trends and direction

**The role will be based in Sheffield.
**Come Power a Business that Defines How to Power the World**

We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies.

As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.