Job Description

Some careers have more impact than others.

If you’re looking for further opportunities to develop your career, take the next step in fulfilling your potential right here at HSBC.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 58 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

We are currently seeking an experienced professional to join our team in the role of Cybersecurity Operations Manager

Department:

Operating within the Cybersecurity function and under the management of the Global Head of Cybersecurity Operations and Intelligence, the Global Cybersecurity Operations and Intelligence (GCO&I) team provides a coordinated suite of “Network Defense” related services and are responsible for the detection and response to information and cybersecurity threats across the global HSBC assets and estate.

The GCO&I team is split into five distinct sub-functions:

• Monitoring & Threat Detection (MTD) – Monitoring, detection, alerting and triage of initial cyber-threat events.
• Incident Management & Response (IMR) – Management and deep-dive investigation and response to cyber-incidents.
• Information Protection & Response (IPR) – Management and response to information and data security incidents.
• Sustainable Operations (SO) – Continuous improvement of cyber-threat detection capabilities and process automation.
• Cyber Intelligence and Threat Analysis (CITA) - Through comprehensive investigations and deep technical analysis of advanced adversaries

Critical to the success of GCO&I are its close partnerships with other Cybersecurity teams including Cyber Engineering, Service Reliability Engineering, Vulnerability Management, Identity and Access Management and the wider HSBC businesses and functions.

The Opportunity:

The Cybersecurity Operations Manager is charged with the management of all globally aligned, security focused defense services within a specific operational site. This includes the overall efficiency and effectiveness of the site, the detection, management and response to global information and cybersecurity incidents during active hours of operation and the complete handover of duties from the previous site and to the next as part of a 24/7 global capability.

The Cybersecurity Operations Manager is accountable for:

• Leading a team of 40-50 highly skilled security professionals, providing a global service to detect and respond to cyber security threats.
• Working seamlessly with their global peers to provide 24 x 7 x 365 coverage for the critical global Cybersecurity Operations services.
• Developing, managing and maintaining a highly skilled, efficient and effective local team across all Cybersecurity Operations service lines. Including the definition, management and continuous improvement of core functions and processes that underpin a successful, effective and globally scaled monitoring, alerting and security incident response capability.
• Maintaining an up to date awareness and intelligence-led understanding of the current and predicted threat landscape so that impact to HSBC businesses or services can be anticipated and where possible, pre-emptive monitoring, alerting and response capabilities can be deployed.
• Owning and managing collaboration with the wider Cybersecurity (and CTO) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purpose.
• Identification of processes that can be automated and orchestrated to ensure maximum efficiency of global Cybersecurity Operations resources.
• Ensuring analysis time is efficiently focused on the more challenging and potentially higher risk problems and tasks, not on high-volume/low risk, repetitive tasks or processes, thus helping to effectively reduce false positive and false negative events.
• Managing and owning the collaboration with the wider Cybersecurity teams (and wider business / function teams where applicable) in the production and maintenance of efficient and effective security event monitoring and alerting use-cases and incident response playbooks.
• Maintaining a global view of the GCO&I mission and work with local stakeholders in region and country to bring together both the global perspective, as well as the more local message in a clear and effective way that demonstrates the team’s commitment and value.
• Promoting a “self-critical” and continuous assessment and improvement culture, whereby identification of weaknesses in the bank’s control plane (people, process and technology) are brought to light and addressed in an effective and timely manner.
• Embedding a culture of individual self-improvement, development and self-directed learning whereby staff are expected to maintain subject matter expertise within their area of focus and within the realm of cyber security more broadly.
• Directed engagement in support of HSBC Global Businesses and Functions to drive a global up-lift in cyber-security awareness and help to evangelise HSBC Cybersecurity efforts and success.
• Participation in the GCO&I Leadership Team ensuring that the voice of Cybersecurity Operations staff is heard, concerns are raised and addressed, and the function continues to evolve at pace with the threat landscape and business requirements.
• Identification and development of high quality and meaningful cyber security related Management Information (MI) that is data driven, contextual, appropriate to the target audience and supported by experienced analysis in order to drive informed debate and decision making.
• Engagement within the Lines of Defense Risk Management framework adopted by HSBC to ensure complete transparency and effective working relationship across all lines of defense.
  
  

In this role, you will:

Principal Accountabilities

Impact on the Business/Function

• Supports the development of the Global Cybersecurity Operational functions under their remit, engaging with colleagues across Cybersecurity and other IT functions to drive and deliver sustainable operational plans in line with department strategy.
• Leads and facilitates change through clear strategy, operational planning and effective communication and stakeholder management.
• Drives business performance, clear thinking and utilises experience whilst under pressure.
• Delivers sustainable business outcomes.
• Responsible for building effective technology and process control capability that is continuously re-factoring to meet evolving security and compliance needs
• Works closely with peers and business leads to build and implement controls in adlignment with risk-posture, architectural constraints, company strategic direction and industry trends and best practices.
• Drives delivery of the highest standards and outcomes, inspiring others to do the same. Focuses on medium and long term goals even when under pressure or facing uncertainty. Manages expectations, results and impact of agreed outcomes, thinking ahead to identify and overcome potential issues.
• Strategically drives innovation to gain competitive advantage, taking calculated, entrepreneurial risks to achieve business outcomes. Generates an environment in which innovation is seamlessly embedded into working practices.

Customers / Stakeholders

• Leads a customer-focused and collaborative culture by championing customer and stake-holder engagement throughout the team.
• Demonstrates an understanding of customer and stakeholder requirements by providing specialist input and knowledge and having a detailed understanding of the different short and long term shifts in business/function patterns of activity and demand.
• Understands and interprets developments and changes in future business requirement and ensures the appropriate reaction and response through discourse and the implementation of relevant, security focused, technical and procedural solutions.
• Strengthens stakeholder relationships and enhances key relationships using rapport-building expertise and appropriate influencing skills to add and increase stakeholder advocacy. Key relationships to include Functional heads across the other HOST functions and external account managers for third party suppliers and vendors, along with other regional counterparts across the globe, Cultivate strong relationships with organisationally important global and/or high value stakeholders with a tailored approach.

Leadership & Teamwork

• Leads and develops the Cybersecurity Operations teams. Builds a close-knit team of skilled individuals who are empowered to and capable of making bold and sustainable decisions that protect and enhance HSBC’s assets, values, reputation and stakeholder value.
• Actively promotes a learning culture, encouraging collaboration and cross-functional working to develop and nurture teams and identify and grow talent.
• Actively seeks to engage a diverse group of stakeholders internally and externally to ensure a balanced influence and achievement of best outcomes for all.
• Builds rapport and mutual understanding to communicate and create opportunities for cross-business and global working. Encourages debate and open discussion. Builds sustainable relationships beyond transactional levels to build better understanding of mutual benefits. Empowers team members to do the same.
• Acts as an effective and advanced coach and mentor to both local and global colleagues. Contributes to the establishment of good coaching and mentoring practices throughout the team and across the wider global Cybersecurity Operations deparment. Implements techniques and processes for diagnosing individual and team coaching requirements.

Operational Effectiveness & Control:

• Governs risk responsibly. Promote ethical management of risk across regions and business areas within their teams.
• Communicates changes in policy and governance effectively, reinforcing risk processes within their team.
• Builds and sustains a risk aware culture. Shows integrity whilst promoting and managing relevant monitoring and reporting requirements within their team.
• Embeds efficient risk and compliance processes and procedures into business as usual practices.
• Builds collaborative relationships, defines and articulates to stakeholders the targeted benefits for a change intervention.
• Demonstrates effective financial skills to develop a detailed business case, including investments, detailed benefits (financial, non-financial and strategic) and link to overall finances of the business.
• Supports the management of department finances. Accurately interprets strategic financial information: makes insightful decisions in financial planning and programme performance monitoring.
• Identifies and highlights financial implications of risks/issues, involves stakeholders and supports management of budget variation as appropriate

Typical Targets and Measures

Impact on the Business/Function

• Measures benefits over the short, medium and long term. Develops technical strategies to support the growth of the business, allowing for uncertainties and anticipating long term likely outcomes and implications.
• Recognises, values and makes the most of differences in people and cultures to build a sustainable future.
• Keeps up to date with best practice, applying it to drive performance.
• Demonstrates and applies excellent business domain knowledge.
• Generates a working environment in which innovation is encouraged and embedded into working practices

Customers / Stakeholders

• Promotes the most appropriate solution even if there are short term additional costs. Takes action and engages resources to create new and innovative solutions to address and balance risk against customer needs.
• Balances business requirements and security risks, clearly articulating thought and decision making processes to stakeholders.
• Gathers information to deepen insight of internal customers. Anticipates activity and drives/influences the development of business/function supporting, security focused strategies.
• Leads strategically significant global and/or high value stakeholder relationships.

Leadership & Teamwork

• Contributes to individual and team reward and recognition systems and on-going development of effective performance management measures.
• Translates the required course of action into a clear and realistic vision.
• Develops globally aligned strategies that are beneficial for the supported businesses /functions and organisation as a whole.
• Identifies and builds relationships with key contacts and influencers.
• Effectively translates coaching requirements to organisational performance requirements and vice versa. Designs and implements effective, individual and team/departmental coaching plans.

Operational Effectiveness & Control:

• Creates an environment that anticipates risk, ensuring action is taken to quantify and mitigate them
• Implements IT best practice in risk policies and governance frameworks in area of responsibility.
• Builds plans and budgets which identify value and cost reduction opportunities.
• Ensures reconciliations of expenditure against completed work and benefits realisation; recommends how to tackle any variance.

Management of Risk (Operational Risk / FIM requirements)

• The jobholder will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.
• The jobholder will also continually reassess the IT Security and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
• This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with entity management and/or the appropriate department.

Observation of Internal Controls (Compliance Policy / FIM requirements)

• Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
• The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified IT security risks.
• The jobholder will implement the group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply.
• This will be achieved by adhering to all relevant processes/procedures and by liaising with compliance department about new business initiatives at the earliest opportunity. Also and when applicable, by ensuring adequate resources.

To be successful in this role, you should meet the following requirements:

• Understanding of cyber security principles, global financial services business models, regional compliance regulations and laws.
• Excellent understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including; OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
• Proven ability and experience of working in a high-pressure, fast paced environment where bold, time critical decision making is essential.
• Proven experience in identifying and responding to advanced attacker methodologies both within the corporate environment as well as external attack infrastructures, ideally with offensive experience and / or deception environment development (tripwire systems, honeypots, honey-token/accounts, etc.) using open source, vendor purchased and bespoke/in-house developed solutions.
• Excellent communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
• Solid understanding of business finance as well as effective management of budgets and expenditures.
• Experience in a leadership position within a cyber-security operations team to include team and capability development, staff development, career management and recruitment.
• Ability to orchestrate, manage and successfully implement major procedural and technological change within a complex and global organisation.

Technical Skills

• Expert level knowledge and demonstrated experience of common intelligence sharing platforms / protocols and experience operating within a collective defence environment with internal stakeholders and external partners.
• Expert level knowledge of common enterprise technology infrastructure, platforms and tooling, including; Windows, Linux, infrastructure management and networking hardware.
• Expert level knowledge of intelligence analysis principles either though formal education / training or equivalent professional experience.
• Expert level knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques and procedures in order to inform adjustments to the control plane.
• Expert level knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems.
• Ability to identify, develop and track key performance indicator (KPI) metrics for accurate and contextual evaluation of operational effectiveness as well as providing recommendations for control improvement and mitigating control adjustments.
• Expert knowledge and technical experience of 3rd party cloud computing platforms such as AWS, Azure and Google.

Industry Experience and Qualifications

• Industry recognised cyber security related certifications including; CEH, EnCE, SANS, CISSP, CISM, CRISC and/or CISA.
• Formal education and advanced degree in Information Security, Cyber security, Computer Science or similar and/or commensurate demonstrated work experience in the same.
• A broad and extensive security operations background.
• Operated at a senior management level, with exposure to global executives.
• Experience in a senior leadership position within a large global and highly regulated organisation; including hands-on experience of complex data centre environments, managing large highly technical teams in operational environments, preferably with shift management experience.
• 10+ years of experience in Cyber security operations management, Cyber security management in a leadership position.

You’ll achieve more when join HSBC

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

***Issued By HSBC Software Development (India) Limited***