TPSR Senior Risk Analyst

Role Purpose :
The Cybersecurity TPSR Senior Risk Analyst job is responsible for operating as
part of a global/local team within the Cybersecurity organisation, to analyse
and execute activities around Cybersecurity process, controls, standards and
regulatory requirements.

The role will carry out some or all of the following activities:
* Ensure adherence to the three lines of defence organisational model with clear lines of responsibility, accountability and segregation of duties.
* Ensure compliance with internal audit and external regulators that any organisational changes are fit for purpose and meet their expectations
* Analyse and execute activities to ensure compliance with HSBC Cybersecurity policies and standards.
* Contribute to process, procedures and tool identification/development that will strength the bank's response to threats and incidents
* Assess new technology products and projects utilising security technologies pertinent to the department
* Act as a role model to more junior members of the team
* Engagement with other Cybersecurity teams, senior management and members of the Business when confronted with potential security issues
* Expand their skills, knowledge and experience to enhance the overall capability of the function
The Job holder will be a member of the Global Third Party Security Review
(TPSR) Service team within Cybersecurity and forms part of the 1LOD (1st line
of defence). TPSR is a regulated activity.
The team is tasked with point in time third parties information security
assessments to enable businesses departments to manage their
relationship/service within their risk appetite and minimize the operational
risk impacts to HSBC, its shareholders, customers, employees, reputation and
brand.
Inadequate risk management of a third party can lead to a failure to meet
operational business requirements and/or could impact HSBC customers and/or
HSBC employees, involve regulatory breaches, civil or monetary penalties or
cause damage to shareholder value and/or to reputation.
Job holder is responsible to enable businesses and functions to manage their
information security risks and to ensure risk and controls are assessed
accurately, objectively and independently through professional and specialized
subject matter experts.
Depending on the work assigned this may include:
* Managing Engagements, Business Impact Assessments, Guidance requests, Quality Assurance
* Managing other team members as appropriate
* Conducting Local and Global TPSRs (reviews, reports, identify deficiencies, quality assurance)
* Engaging with the Global TPSR team to support TPSR work
* Articulate and explain information security assessment results to business
* Closure of identified deficiencies (verifying evidence to confirm closure or advise what is needed to close them)
Additional Responsibilities:
* Ensuring adherence to global standard methodology, SLA's, quality, templates and tools
* Ensuring good stakeholder engagement
* Supporting overall activities of Global TPS, including admin and any special initiatives / projects
* MI / Reporting (actual generation of reports or contribution to appropriate reports)
* Mentoring / Coaching / Guidance for other team members / Deputisizing for manager
* Remain current with industry and competitor trends and work to apply latest / best practices internally
* Owning and driving special projects aligned to industry best practices
* Overseeing larger and more complex engagement requests and / or reviews
* Subject Matter Expert in own domain with, broad basic knowledge of other domains ensuring appropriate delivery of services along with aligning with the wider strategy and objectives of the bank overall
Impact on the Business/Function
* Protect the Bank. Protect the bank via proactive regulatory risk reduction actions. Ensure regulatory reporting is consistent across regions / businesses and centrally track reporting through governance committess, maintain a rolling agenda for review.
* Risk vs. Reward Decision Making. Make informed and educated risk decision making. Make appropriate commercial / financial institution risk vs reward security decisions.
* Driving sustainable growth. Develop the compliance awareness, engage with colleagues across the functions and businesses departments to deliver sustainable risk and compliance solutions. Lead and facilitate change through effective communication, preparation and implementation.
* Achieving excellence. Drive business performance, compliance and security.
* Risk Reduction. Work with key stakeholders (IT and business) to proactively drive the reduction in IT Security risks and to improve the security risk posture of HSBC within the business risk appetite.
* Awareness. Improve awareness of IT Security risks / threats across IT and the business.
Customers / Stakeholders
* Customer focus. Lead a customer- led and direct the wider reporting function, both on-shore and off-shore. Engage with relevant programmes and initiatives that impact upon governance, compliance and risk reporting. Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets.
* Strengthening stakeholder relationships. Engage with senior stakeholders across all three lines of defence to recognise management and governance reporting requirements within major businesses and entities and at Group level. Provide support to the LISOs and BIROs with regards to engagement with external stakeholders and regulators, through provision of data as regards support the risk posture to the control enviornment.
* Understanding markets and customers. Understand the financial services industry security and threat landscape. Analyse, interpret and communicate developments in the customer's and business segment's local marketplace.
Leadership & Teamwork
* Develop and communicate a clear vision for the regional teams that is aligned to the overall HSBC vision, values and goals, and inspires and engages people to create an inclusive, high performing, customer-centered culture.
* Lead, develop and motivate the leadership team to attract, retain and develop the capacity, capability and talent to provide for succession and ensure delivery of business objectives.
* Set expectations, share best practice and manage, monitor, coach and develop leaders and others to ensure that they maximise their performance, meet the required standards, and continuously develop their capabilities and experience.
* Lead and encourage constructive cross-country and cross-business teamwork by demonstrating collaboration and matrix management in action and taking prompt action to address any activities and behaviours that are not consistent with HSBC's diversity policy and/or the best interests of the business and its customers
Operational Effectiveness & Control:
* Lead the continuing development, implementation and improvement of the processes, structures, capabilities, capacity and infrastructure needed to deliver agreed plans and targets. Collaborate with colleagues to maximise end to end integration, effectiveness and efficiency.
* Establish and maintain a robust and efficient control environment across IT Security to ensure good operational, financial and project management and compliance with HSBC policy and procedures, together with early identification and effective resolution or escalation of issues that arise.
* Lead the development, implementation and maintenance of a global management information, analysis and reporting framework for the Assessment teams activities that supports and informs timely and effective business management and decision making at all levels.
Requirements
Qualifications :
The ideal candidate for this position will have:
* Minimum Bachelor Degree and/or experience in operational processes or third party information security reviews in the Financial Services industry or global corporate service provider
* Background - desirable but NOT essential one or more; risk management, Audit, ISR
* Qualifications - desirable but NOT essential one or more; ISO270001, CISA, CISM, CISSP, CRISC
* Availability to travel (if required) for this role, i.e. travel within country as well as occasional International travel
* Positive and professional attitude, team player, flexible and adaptable, open to change(s)
* Confident and takes responsibility and ownership for work and personal development
* Good spoken and written communication and ability to adapt style based on audience (Fluent in spoken / written English)
* Ability to communicate technical subject matter to non-technical stakeholders
* Previous experience of delivering an excellent customer service
* Ability to quickly develop good working relationships with stakeholders
* Ability and motivation to learn and pick things up quickly