Compensation: $192,290.00 - $192,290.00 /year *
Employment Type: Full-Time
Industry: Information Technology
**Description**

The Business Information Risk Officer is responsible for providing timely and quality advice to the business and shaping the information security and cyber risk management activities in region by actively participating in the RCA process and providing SME input relating to all aspects (risks, controls, remedial actions) of the information security and cyber risks in the business.

+ Responsible for providing information security, cyber and technical SME input to the business in support of their risk management activities, translating technical risk and control related aspects to non-technical business
+ Supporting the business in ensuring that information security risks in the RCAs are adequately assessed, documented, gaps identified and appropriate remedial actions agreed. Support the business in developing and executing appropriate control monitoring plans.
+ Accountable for taking the lead for pan-GBM information security & cyber risks, ensuring these are adequately understood, assessed and documented in RCAs
+ Responsible for providing Business and GBM CCO management with a view of their information risk landscape through appropriate metrics and timely updates.
+ Serve as the cyber and information security SME for the Business, translating technical controls, Group remediation and other information technology activities to business understood terms which help drive the risk management
+ Responsible for undertaking deep dives of cyber and information technology issues, as directed by the Chief Control Officer or Global Lead BIRO and recommending practical remediation activities.
+ Responsible for engaging with ISR and other 2nd LOD functions, responding to 2LoD requests and ensuring 2LoD observations are understood and where required remediation plans are in place.
+ Accountable for developing and maintaining an engaged and active network of DBIROs, ensuring DBIRO responsibilities are performed as documented in the DBIRO Roles & Responsibilities
+ Responsible for cultivating a culture of information security awareness & good conduct through regular communications, awareness, training and cultivating an engaged and knowledgeable Department BIRO (DBIRO) network
+ Responsible for assisting the Business in the identification, documentation and resolution of information risk issues and control gaps.
+ Responsible for engaging with key supporting functions like Cybersecurity, ITID, HOST etc, ensuring that non GBM led remediation is understood and GBM responds appropriately.
+ Become a key member of the GBM CCO organisation, as an information security and technology SME, and support the Global CCO organisation in the embedding of a consistent global risk management framework

**Major Challenges**

+ Bring to bear a broad range of skills related to information technology, information security & cyber, and risk management in an investment bank
+ Objectives will be achieved via matrix management rather than direct control of resources, so strong influencing skills are essential to drive results, particularly when fostering support from senior executives, CCOs, and Department BIROs (DBIROs) across the Global Businesses.
+ Engaging key stakeholders from differing disciplines (Business, Cybersecurity, Information Technology, ISR, Op Risk) who may be dispersed across differing countries, so remote collaboration is required.
+ Outstanding communication skills are required to manage expectations, drive opinion and effect change across all stakeholder groups
+ In line with the overarching GBM strategy, the implementation of new processes/policies must be globally consistent.

**Role Context**

+ Is accountable for driving the regional implementation of global HSBC and GBM specific information security and cyber risk management activities and drives the business' information security risk management
+ Effectively implements the information risk framework and is the subject matter expert in the region
+ Will support projects and processes that will have a significant impact on all GBM employees and businesses as required
+ Is required to be flexible enough to adapt to multiple disciplines: business/control, risk/project management, persuasion/collaboration
+ Will be in close working contact with senior managers/executives and will need to maintain credibility and influence at all levels
+ Is a member of a range of global and regional committees and working groups with different objectives and seniority levels

**Observation of Internal Controls**

+ Maintain HSBC internal control standards
+ Facilitate compliance with policy through the implementation of GBM information security requirements and management of the DBIRO network
+ Engage with CCOs, Information Security Risk, internal and external audit on information security & cyber related issues and oversee the resolution of information risk audit points and MSII,
+ Maintain a strong compliance culture that adheres to the spirit and the letter of all laws, regulations and Group Compliance policies which apply to area of responsibility

**Qualifications**

Technical Skill Requirements

+ Strong understanding of information security & cyber risks and potential mitigating actions, industry / good practice risk/control frameworks
+ Strong understanding of information technology and technology control requirements as well as associated industry frameworks
+ Good understanding of related risk/control disciplines (Operational Risk,
+ Flexibility in working arrangements, as the role may require irregular working hours

Educational Requirements

+ Information Security certifications e.g. CISA, CISM etc will be an advantage

Personal Skill Requirements

+ Highly developed influencing and relationship management skills, particularly at the senior business level
+ Excellent written communication, research and analytical skills
+ Good negotiating skills
+ Ability to work autonomously, under minimal supervision
+ Good team and network management skills

Experience

+ Managing information security in financial services, preferably an investment bank
+ Management or review of technology risks and controls
+ Performance of risk and controls assessments related to information technology and information security

EEO/AA/Minorities/Women/Disability/Veterans

**Job Field:** Risk and Compliance

**Primary Location:** North America-United States-New York-New York

**Schedule** Full-time

**Shift** Day Job

**Type of Vacancy** Country vacancy

**Req ID:** 0000CEDX
* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.