Head of Cybersecurity Risk and Controls Business Engagement
HSBC - Buffalo, NY
posted 2 days ago
About the position
The Head of Cybersecurity Risk and Controls Strategy (CRCS) Business Engagement for the Americas will play a key role in coordinating activities required to implement the Cybersecurity Risk and Controls Strategy across the Region. This role will report into the Global Head of CRCS and the Chief Information Security Officer for the Americas, and closely collaborate with the CRCS Business Engagement Leads supporting other regions and businesses HSBC operates in, as well as with the rest of core CRCS functions. Key responsibilities of the role include establishing and executing processes across the Americas to strengthen engagement for control design and monitoring, tailoring metrics and management updates across all tiers of the organization, ensuring an accurate reflection of cybersecurity risks and controls across the environment, and participating in response to independent challenge of same.
Responsibilities
- Building out, leading and managing the CRCS Business Engagement activities to the Americas Region
- Working closely with core CRCS functions and the wider Cybersecurity teams to ensure the designed controls are embedded, fully understood and adhered to, emphasizing adoption at the business and regional level
- Representing CRCS in regional and business senior management forums
- Working with the Control Owners, Independent Risk, Internal Audit and CCO Technology to ensure that the Cybersecurity owned controls in the Risk and Controls Library and federated controls owned by the business, are designed according to the Bank's requirements and industry standards and best practices (e.g. NIST CSF)
- Working with Cybersecurity Control Design and Continuous Control Monitoring teams to ensure local control issues are properly fed into global control design, monitoring and governance
- Working with Cybersecurity MI & Reporting team to feed requirements from the business and geographies, ensuring continuous evolution of MI reporting, tailored to our global audience
- Working with Cybersecurity Risk & Control Strategy (CRCS) teams to ensure that the measurements defined provide sufficient data for regional and business stakeholder reports and are aligned with the Cyber Risk Quantification (CRQ) model
- Support the Global Head of CRCS with designing, managing and maintaining processes and engagement model for the CRCS Business Engagement function
Requirements
- Significant, subject matter expertise in Cybersecurity Controls including controls design and implementation and control assessment, as well as MI and executive reporting
- Ability to translate difficult IT concepts into business-friendly language
- Experience with Technology risks and controls; advanced knowledge of Cybersecurity is a must
- Expert understanding of inherent/residual risk principles as well as effective/sustainable control design
- Wide general cybersecurity knowledge; understanding of Cybersecurity concepts such as threats, vulnerabilities, attack vectors
- Understanding metrics and measures in managing risks and controls (KPIs, KCIs, KRIs) is a must
- Familiarity with the NIST Cyber Security Framework (CSF) would be beneficial
- Knowledge of Center for Internet Security (CIS) Measures and Metrics is a plus
- Experience with GRC Tools (such as HELIOS, ServiceNow, Archer) is a plus
- Understanding of regulatory landscape
- 7-10+ years' experience
Nice-to-haves
- Experience in creating and reviewing executive reports (up to board level)
- Experience in dealing with Senior/Executive Management, internal and external audit
- Experience in dealing with regulators within jurisdictions across the Americas region
Benefits
- Competitive pay and benefits package including a robust Wellness Hub
- Tailored professional development opportunities
- Industry-leading volunteerism policy
- Generous matching gift program
- Comprehensive program of immersive Sustainability and Climate Change Initiatives
