Job Description
Job description
Business: Group Risk
Open positions: 1
Role Title: Emerging Technology Senior Manager/Risk Specialist, GSC’s
Global Career Band: 4
Location (Country / City ): Bangalore
Why join us?
Operational Resilience Risk (ORR) is a 2nd Line of Defence (2LoD) function, part of Global Risk and independent from day-to-day operations of the 1st LoD (Technology, Cyber Security, etc.), acting to ensure that operational resilience including cyber information security risk across the bank is appropriately managed.
The emerging technology role focuses on identifying the Cyber and Technology risk relating to key emerging (or even just “new to the bank”) technologies, researching them, and identifying their likely impact to HSBC. You will need to be able to independently review technology and science news, research papers etc., to identify potentially impactful technologies and changes in order to identify potential Cyber and Technology risks. Once a relevant technology has been identified, we need to assess what aspects of the business it may impact and to what extent, how soon it is likely to be relevant to HSBC from a risk perspective, and what steps we ought to be taking (or are taking) to prepare. Periodic reassessment of the key emerging technologies may be necessary, as they become more significant. You will need to rapidly create high quality business documents to describe and educate on the specific technology and its risks. You must be able to create and deliver compelling and engaging presentations (to a range of audiences) on your findings.
In addition to these forward looking aspects of the job, you will also provide risk guidance and support to teams looking to perform proof of concepts and early implementations of new and “new to the bank” technologies, helping to balance the risks with the need to avoid impairing our ability to innovate. In doing so you may need to look at the projects through multiple risk “lenses”, collaborating with colleagues from other parts of risk.
The Opportunity:
Impact on the Business
• Provide Technical SME oversight on key emerging technologies expected to present the greatest potential impact to the bank from a risk perspective
• Highlight potential and actual emerging trends in attack types, such as the potential impact of generative AI on malware generation
• Provide SME support for projects adopting “new to the bank” technologies, influencing the design to balance risk with agility (recent examples have included biometrics, digital (rather than “wet signature”) signing of documents, the use of Zoom and cloud office suites
• Formally document and communicate information and cyber technology risk observations, and ensure risk management items are appropriately captured in Group's operational risk management systems (i.e. HELIOS).
• Provide briefing material and attend project steer-cos, workshops, provide independent reporting, packs and evidence for internal and external audit
• Coordination of activities across stakeholders
• Provision of an agreed number of papers on emerging technologies each year
• Feedback from stakeholders on quality and timeliness of specialist advice and guidance
• Evidence of guidance, challenge, intervention and escalation of significant control issues
Customers / Stakeholders
• Whilst this is a 2LoD role, it differs significantly from most 2LoD roles, with less formal oversight of the 1LoD, and more guidance, education, influencing and consultancy – often acting as “trusted advisor”.
• Build and maintain relationships with external partners, regulators, industry bodies and others to keep up to date with developments
• Establish and maintain trusted relationships with wider ORR team, innovations functions, and delivery teams.
• Evidence of timely specialist guidance and support to Risk Stewards on the management of security risks
• Compliance with regulatory requirements
• Positive stakeholder feedback.
Leadership & Teamwork
• You will be expected to be able to work largely independently, taking a lead in how to best split your time and attention between the various technologies and tasks
• You will often have to balance the need to move quickly in adopting new technologies, against the need to mitigate the risks they pose.
• Work in conjunction with ORR Business & Functions team and the wider RR Specialist team
• Support diversity and reflect the HSBC brand and organisational values.
• Positive 360-degree feedback.
• Timely project delivery, with suitable risk mitigations or sensible risk acceptances in place
Operational Effectiveness & Control
• Partner with ORR Business & Functions team and 1LOD to identify, measure, mitigate, monitor and report security risks
• Partner with ORR Business & Functions team regarding Implementation of country Internal Audit and ORR recommendations and directions for the improved use of the Risk Framework related to emerging technology security risk.
• Evidence of risk identified, measured and reported on to the 1LoD
What you’ll do:
Major Challenges (The challenges inherent in the role that require a continual test of the role holder’s abilities)
• Ability to challenge subject matter experts without damaging relationships
• Operating with influence and gravitas across all Lines of Defences within Global Businesses/Functions and Legal Entities within, in relation to the management and oversight of resilience risk
• Maintaining a commercial understanding without compromising standards of internal control and organisational risk appetite in a growing and successful business.
Role Context (The environment and operating conditions of the role including the extent of guidance and authority)
• The role holder will make and maintain close working relationships with the wider ORR team, globally, with innovations teams, and with interested parties in both the first and second line.
• HSBC serves the needs of retail, corporate and institutional clients delivering innovative and integrated financial solutions. The Risk function discharges oversight on the management and monitoring of financial and non-financial risk by the businesses and their support functions.
• The importance of non-financial risk and control has increased in recent years and is now the most influential subject for senior management, boards, and regulators. An organisation’s ability for effective identification, measurement and mitigation of non-financial risk will have a significant impact on the achievement of strategic objectives.
The role has influence over a wide group of stakeholders and employees across the organisation.
Management of Risk
• Responsible for ensuring awareness of the ORR risk impact associated with the role and must act in a manner that takes account of ORR risk considerations.
Observation of Internal Controls (Compliance Policy / FIM requirements)
• You will adhere to and be able to demonstrate adherence to HSBC internal control standards. This is achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.
Role Dimensions (e.g. balance sheet size, lending/expenditure limits, size/volume of transactions, budget. in USD’000)
You will be required to:
• Learn fast, continually and independently
• Work closely with all components of the ORR Team.
• Build effective relationship internal and external to ORR
• Educate and communicate at multiple levels and skillsets
• Enable innovation, but be prepared to challenge when push-back is needed
• Have strong written English skills
• The responsibility for non-financial risk spans globally. You may also be responsible for local entity management for other team members outside of your direct reports, according to HSBC local entity management requirements.
Requirements
What you will need to succeed in the role:
Knowledge & Experience / Qualifications (For the role – not the role holder. Minimum requirements of the role.)
• Strong level of business knowledge and broad cybersecurity knowledge
• Strong level of risk management knowledge and relevant experience
• Comprehensive knowledge of the internal control environment
• Academics: Graduate or Post Graduate, ideally in Computer Science, or related field
• Overall experience of 5+ years
• Should have worked in banking & risk environment
Key Capabilities
• Strong working knowledge of risk management frameworks, working experience in Information security and risk consultancy
• Strong knowledge of at least one of AI/ML, quantum computing or blockchain based technologies
• Enthusiasm for how technology works combined with a healthy scepticism and a willingness to constructively challenge
• Knowledge of cryptography
• Fast learner
• Collaborative and pragmatic
• Self-starter
• Strong communication, presentation and influencing skills
Desirable Skills
• Although the role does not necessarily include programming, a good understanding of software development would be advantageous.
• Security and Technology Risk certification, e.g. CCSP, CEH, CISSP
You’ll achieve more at HSBC
HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, ****** orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.”
Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
• Issued By HSBC Electronic Data Processing (India) Private LTD