Information Security Risk Manager - HAT - 19/

Recruiter: HSBC
Location: London
Salary: Competitive
Posted: 24 Feb 2017
Closes: 01 Mar 2017
Contract Type: Permanent
Hours: Full Time

Role Title: Information Security Risk Manager - HAT - 19/

Business: Risk Management

New or Existing Role? New

Grade: GCB4



Role Purpose
Supporting the Head of ISR in his/her execution of Risk Steward duties as a Second Line of Defence for Information Security Risk across GBM:
• To work jointly with GBM and partners to establish and develop a consistent, pragmatic and effective approach to Information Protection. Provide subject matter expertise in achieving the right risk and control based balance for the business.
• To operate at a global level to manage the overall relationship between ISR and GBM, providing ISR representation on key committees and assisting GBM to remain within their risk appetite.

Key Accountabilities

Impact on the Business
• Provide an independent opinion to senior stakeholders on their management of information security risk.
• Liaising with Global/Regional/Country Heads of GBM, the Global/Regional/Country BRCM(s) and BIROs to provide updates on information risk and follow up on risk mitigation.
• Assisting GBM in defining its information risk appetite.
• Maintaining on-going visibility of GBM's key initiatives and helping to prioritise ISR oversight according to risk.
• Increasing the understanding of information risks within GBM by explaining these in plain/business terms and helping them to ensure that these are kept within their risk appetite by recommending mitigating actions.
• Maintaining oversight of Information Risks in GBM by reviewing RCAs, MSIIs, Internal Audit findings, BRCM reviews and any other ISR related KRIs to establish risk themes and provide advice on remediation.
• Manage and maintain close oversight on all ISR related incidents with a view to providing assurance that risks and impacts have been handled effectively.
• Supporting GBM in the RCA process and the use of the ISR Risk and Control Library to ensure relevant information security risks and controls are included in the RCA.
• Liaising with all Function Heads within ISR.


Customers / Stakeholders
• Functional Relationship Management - Develop and maintain positive and professional working relationships with Global BRCMs, Global BIROs, CROs, COOs, and senior managers within GBM. Manage conflicts and the competing priorities of multiple stakeholders.
• Information Risk Guidance - Provide subject matter advice, guidance and counsel to senior executives, and be responsible and accountable for driving forward the Information Protection programme of work for GBM, in order to attain their support, commitment and agreement.
• Regional ISR Teams - To ensure communication and engagement of risk through the regions, but with one global vision in order to support the demands of GBM, via the assigned / designated point of contact or relationship manager.
• Communication - Communicate to GBM and Group senior executives their security responsibility to ensure programme success via the Head of Information Security Risk - GBM.
• Transparency - Working across global teams to ensure commonality of understanding and objectives, such that local teams are focused on delivering against global imperatives whilst at the same time global deliverables meet local and regional requirements.
• Functional Risk Ownership - Ensure that GBM has an understanding of risk, acceptance of ownership and eventually a growing self-awareness in identification and reporting of risk in their respective domains.


Leadership & Teamwork
• Work closely with GBM management to aid them to manage information security risks within GBM.
• Collaborating effectively with SMEs from across the ISR function to understand and monitor the Information Security Risk position within the GF.

Operational Effectiveness & Control
Effectiveness: To work with all areas of ISR locally and globally to develop an engagement framework that allows ISR as a global function itself to:
• Reduce duplication of effort and ensure best use of scarce ISR resource
• Have single / globally aligned frameworks
• Have a single / globally aligned risk model
• Drive efficiency and practical implementation of global process
• Standardise and globalise where feasible and manageable without losing coverage for regional or local processes

Control: Establish processes to ensure compliance with all internal and external regulations.


Major Challenges
• Building an effective working relationship with GBM management
• Become an effective second line of defense
• Ensuring that Information Security Risk is given appropriate focus by GBM
• Building a network of contacts across SFR / ISR in order to be able to provide effective consultancy to the GBM
• Embedding and optimising the new GBM ISR function into the new Global ISR Target Operating Model by extensively reviewing and improving existing processes


Role Context
The ISR function and this role are transforming in response to four main drivers:
• Bank's realignment around Global Businesses and Global Functions
• Deployment of the Lines of Defence Model
• Need to become more efficient and standardized
• Need to become intelligence led to effectively keep pace with ever increasing and sophisticated cyber threats

Management of Risk
• The Management of Risk will be consistent and in line with the Bank's Policies, Standards, Guidelines, including all relevant processes and procedures.
• The jobholder will actively participate in reducing risk across all areas of their responsibility and the bank as a whole.

Observation of Internal Controls
Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.

Qualifications

Knowledge & Experience / Qualifications
• Risk Management - Have an expert level and extensive amount of Information Risk, Information Security Risk and Operational Risk knowledge to face off appropriately to the different risk managers in the Group and also external parties. Understanding of the Fraud and Risk characteristics of key products and channels.
• Strategy / Vision - Be able to implement a vision and strategy for risk capability across the global functions, communicate it to key stakeholders and get their buy-in.
• Influence - Have significant gravitas that will be obvious to all parts of HSBC, which will enable face off to senior SFR managers and GBM stakeholders in order to win their confidence and help influence their decisions.
• HSBC Knowledge - A detailed understanding of HSBC and how it works would be of enormous benefit and would be a steep learning curve for any external candidate, though external candidates are also welcome.
• Business Knowledge - Knowledge of all major areas of a Global Bank that can span retail, commercial or investment banking products and processes.
• Location - UK - London based for the purposes of facing off to senior risk management and our lead regulator(s), but also willing to do some international travel to manage global responsibilities.
• Communication - Have excellent communication skills to be able to build relationships with key internal & external stakeholders and be able to implement strategy and vision. Business fluency in English is expected.
• Style - A change agent who is not afraid to change the status quo in order to drive Group strategy.
• Experience - Experience in Information Security Risk management processes, with professional related security qualifications preferable, such as CISM and CRISC.








We are an equal opportunity employer and are committed to creating a diverse environment.

Salary: . Date posted: 27/07/2016