Cyber Information, Technology and Third Party Risk Officer

Some careers grow faster than others.

If you’re looking for a career that will give you plenty of opportunities to develop, join HSBC and your future will be rich with potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Our GCIO organisation plays a critical role for the bank. This team partners with the businesses to build the platforms, systems, and products that our customers use every day. We keep people’s money and data safe, and are at the forefront of driving innovation for our businesses, customers, and colleagues.

In this role you will

• Work with International Wealth and Premier Banking (IWPB) as a Cyber Information, Technology and Third Party Risk Officer (CITTPRO), and will support IWPB’s Cyber Information and Technology Risk Officer (CITRO) / Business Information Risk Officer (BIRO) to perform Control Monitoring of IT and Data Security controls and IWPB’s Third Party Risk Officer (TPRO) and act as the primary point of contact for the IWPB Third Party Engagement Managers (TPEMs) on Third Party Management (TPM) issues.
• Be responsible for ensuring the risk assessments are accurately reflecting the risks faced by the businesses and are appropriately monitored and reported in the relevant governance forums and carry out thematic control checking, control monitoring or testing relating to Information and Cyber Security Risks (ISR) and any other 1LOD risk and control responsibilities or other ad‑hoc tasks assigned by IWPB’s CITRO/BIRO and liaise with various stakeholders including Third Party Engagement Risk Owners, Third Party Case Manager in Control Owners, Business Service Owners, and Risk Stewards to implement Third Party risk and control related enhancements/activities.
• Support IWPB TPEMs to ensure that appropriate approvals are obtained during various steps of the Third‑Party Onboarding process and risk Assessments, Materiality Assessments and Control Tasks are completed accurately. Additionally, Third Party due diligence tasks are completed on a timely basis, records are accurate, well maintained and kept up to date, breaches or issues are escalated, and remediation plans in...
• Maintain oversight Indicators which reflect the effectiveness of the controls for Third Party Risk and facilitate senior management decision making using analytical and problem‑solving skills to make recommendations from risk and control perspective.

In addition to these key responsibilities, the CITTPRO will be expected to:

• Actively challenge poor, inefficient or excessive controls, related tasks and behaviours and identify and drive thematic control reviews across the businesses/functions and support the relevant business/function with identification and management of their Information Security and Third‑Party Risks and provide regular reporting to the relevant business/function and/or the Non‑Financial Risk team on risk management and project progress, as required.
• Engage business/function management to ensure ownership and remediation of control issues raised from internal/external audits, controls assurance and regulatory changes amongst others and share best practices within area/region/globally (as applicable).

• Prior experience in a Risk Management or Controls role (in either first, second or third line of defence) within a global organization, working across cultures.
• Experience in managing Third Party risks, with good understanding of Monetary Authority of Singapore (MAS) and The Association of Banks (ABS) outsourcing guidelines/requirements.
• Proactive and delivery focused to ensure individual and team tasks are completed on time and to the required levels of quality.
• Strong business and commercial knowledge (in particular IWPB), would be an added advantage and familiarity with Cyber and Information Security Risks, preferably with relevant professional qualifications would be an added advantage.
• For internal candidates, in-depth good understanding with applicable sections of the Global Risk FIM, Security Risk and Third‑Party Risks (TPR) and controls under the Non‑Financial Risk Framework.

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.