HSBC - Buffalo, NY

posted 3 months ago

Full-time - Senior
Buffalo, NY
1,001-5,000 employees
Credit Intermediation and Related Activities

About the position

The US Chief Information Security Officer (CISO) at HSBC plays a pivotal role in supporting the Regional Information Security Officer (RISO) by executing the Group Information Security and Cybersecurity strategy across the designated region. This position is crucial for managing Governance & Reporting, Information Security Risk and Remediation, Secure Business Transformation, and ensuring compliance with US legal entity regulations. The CISO is responsible for reporting the cyber risk posture to assigned legal entity boards, senior management, and risk management forums. The role demands the ability to translate complex Cybersecurity concepts into understandable language, facilitating continuous assessment and improvement of cybersecurity and information security risk in alignment with risk appetites and the evolving cyber-threat landscape.

In this capacity, the CISO will support the execution of the global Cybersecurity strategy through various run-the-bank programs within the US, coordinating with central Cybersecurity functions for change-the-bank programs. Collaboration is key, as the CISO will work closely with other cybersecurity team members, technology teams, information security control owners, and the regional/business Chief Controls Office to achieve strategic goals. The CISO will also be responsible for inputting into and enhancing the Group's Information Security and Cybersecurity Strategy while ensuring its effective operation within the respective Region/Country.

The role encompasses a broad scope of responsibilities, including managing Information and Cybersecurity risks and controls, providing timely Information Security monitoring and risk reporting, and supporting the COO, CIO, and Heads of Technology functions in managing information security risks. The CISO will leverage global reporting capabilities to drive Cybersecurity control improvement initiatives and will own all Cybersecurity-related activities for the respective Country, ensuring that all security services are delivered effectively. Additionally, the CISO will promote Cybersecurity awareness and clear reporting of initiatives to enhance the perception of Cybersecurity as a business enabler.

Responsibilities

  • Support the Regional Information Security Officer in executing the Group Information Security and Cybersecurity strategy.
  • Manage Governance & Reporting, Information Security Risk and Remediation, and Secure Business Transformation.
  • Ensure compliance with US legal entity regulations and report cyber risk posture to assigned legal entity boards and senior management.
  • Translate technical Cybersecurity concepts into consumable language for stakeholders.
  • Collaborate with cybersecurity team members, technology teams, and information security control owners to achieve goals.
  • Input into and improve the Group's Information Security and Cybersecurity Strategy within the Region/Country.
  • Provide Information Security monitoring and risk reporting for the respective Country.
  • Support the COO, CIO, and Heads of Technology functions in managing information security risks.
  • Leverage global reporting capabilities to provide monthly updates for Cybersecurity control improvement initiatives.
  • Own all Cybersecurity related activities for the respective Country, regardless of the organization delivering the service.
  • Work closely with the RISO to ensure Region/Country requirements are communicated to the Group cybersecurity team.
  • Track and report on business-critical Cybersecurity strategic transformation programs.
  • Represent Cybersecurity in relevant management and governance forums.
  • Align with existing governance structures to improve management of information security and cybersecurity controls.
  • Support the RISO in delivering the Global Cybersecurity strategy for the Region/Country.
  • Build and manage local plans and budgets to identify value and cost reduction opportunities.
  • Promote Cybersecurity awareness and reporting of initiatives to improve overall perception of Cybersecurity.

Requirements

  • Minimum bachelor's degree and/or experience in IT security governance and operational processes, preferably in the Financial Services industry.
  • Previous experience as a Chief Information Security Officer within the US Financial Services industry, including direct engagements with US FSI regulators (OCC, FRB).
  • Experience providing briefings to Board of Directors is required.
  • One or more industry-recognized cybersecurity-related certifications (e.g., ISO 27001, CISA, CISM, CISSP, CRISC) as per Regional Regulatory Requirements.
  • Availability to travel within the country if required for this role.
  • Excellent spoken and written communication skills, with the ability to adapt style based on audience.

Nice-to-haves

  • Experience in risk management, Audit, or ISR is desirable but not essential.
  • Positive and professional attitude, team player, flexible and adaptable, open to change.
  • Ability to quickly develop good working relationships with stakeholders.

Benefits

  • Competitive pay range between $200,000.00 and $400,000.00 based on various factors.
  • Access to tailored professional development opportunities.
  • Robust Wellness Hub to improve health and well-being.
  • Generous matching gift program and industry-leading volunteerism policy.
  • Comprehensive program of immersive Sustainability and Climate Change Initiatives.
  • Participation in Employee Resource Groups for networking and development.