Job Description
Some careers shine brighter than others.
If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.
We are currently seeking an experienced professional to join our team in the role of Sr. Associate Director, Cybersecurity Specialist.
In this role, you will:
- Act as the embedded 1LoD cybersecurity lead for Enterprise Technology engineering (applications, developer platforms/tooling, and AI), supporting the CISO/Deputy CISO by ensuring security is designed-in from inception and risks are managed within appetite and regulatory obligations.
- Provide hands-on consulting and SME support to programmes, projects, incidents and major IT outages; build strong partnerships across ET CISO, central cyber functions (Engineering/Ops) and technology stakeholders (Architecture, engineering leadership).
- Lead the divisional AppSec programme, embedding secure SDLC/DevSecOps including secure coding standards, security acceptance criteria, and threat modelling; provide security input into architecture reviews to assure designs meet security and regulatory requirements.
- Govern vulnerability triage and remediation prioritisation using risk-informed approaches (e.g., CVSS/EPSS), ensure remediation SLAs are met, oversee penetration testing scope, and drive findings through to closure with clear posture reporting.
- Act as the security lead for the internal developer platform and engineering toolchain (SCM, CI/CD, build systems, registries, container platforms, secrets management, API gateways), ensuring pipeline integrity, least privilege and zero-trust alignment.
- Run the division’s software supply chain security programme, including SBOM adoption, open-source/dependency risk governance, and third‑party component controls aligned to industry guidance (e.g., DORA/NCSC) and internal standards.
- Lead divisional AI security across model development, deployment and agentic AI; maintain AI threat models (data poisoning, prompt injection, model extraction/inversion, tool-use/MCP attack surfaces) and ensure AI use cases comply with applicable frameworks (EU AI Act and relevant financial services model risk expectations).
- Own the divisional information security risk register and deliver senior-level reporting translating technical risk into business/regulatory impact; support audit/regulatory engagement and path-to-green initiatives; build capability via security champions, targeted awareness for engineering personas, and mentoring embedded security staff.
To be successful, you will:
- Significant experience in information security with depth in application security, DevSecOps, platform security, and/or technical cyber consulting in a regulated environment.
- Credibility with highly technical audiences and ability to translate risk into business and regulatory language for senior stakeholders.
- Information Security Governance, Policy and Risk
- Hands-on expertise with AppSec tooling and practices, including SAST, DAST, SCA, secrets management, secure SDLC, and threat modelling.
- Working knowledge of software supply chain security (e.g., SBOM, dependency risk governance).
- Solid understanding of AI/ML security risks (e.g., prompt injection, training data poisoning, model extraction, agentic AI threats).
- Strong written and spoken communication (fluent English); able to communicate technical subject matter to non-technical stakeholders.
- Positive, professional, collaborative approach; takes responsibility and ownership for outcomes and personal development.
You’ll achieve more when you join HSBC.
www.hsbc.com/careers
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.”
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
Issued by – HSBC Software Development India