ISR Controls & Policy Senior Manager
HSBC Group
Edinburgh, Midlothian, United Kingdom
9d ago

Description

Role Title : ISR Controls & Policy Senior Manager

Business : Risk Management

New or Existing Role? Existing

Role Purpose

  • Leading on the design, development and implementation of a subset of ISR policies, ensuring information and cyber security policies are designed to reduce the Bank’s top risk, and contributing to the development of the remainder of the policy estate
  • Applying deep subject matter expertise in designing policies and controls for use and execution, ensuring compliance with regulatory matters relating to information security and cyber risks
  • Supporting the effective implementation of the ISR Controls & Policy Framework ensuring consistency of policy implementation globally, for example through the implementation of a global governance process
  • Leading on the revision of all information and cyber security policies to align with the risk strategy, ORMF and industry best practice
  • Engaging senior stakeholders through the framework, ensuring policies are articulated and understood across the business
  • Acting as a centre of excellence in providing guidance on all information and cyber security policies and procedures of an effective operational risk and internal control environment
  • Manage the process for reviewing, challenging and overseeing exceptions to a subset of ISR policies
  • Ensure that adequate assurance plans and risk metrics are in place to support the 2nd line of defence risk steward responsibilities for a subset of the ISR policy estate

Impact on Business

  • Defining and designing the control environment through effective development of ISR policies
  • Designing policies and controls and reviewing proposed changes from other areas of ISR
  • Continuous monitoring of policies to ensure they remain ‘fit for purpose’
  • Providing ‘best in class’ advice, guidance and clarification on adhering to the ISR Policies
  • Maintaining and supporting the Policy and Risk & Control Libraries
  • Providing feedback and requesting changes on relevant IT FIM and Global Risk FIM policies
  • Advising on the Dispensations Review Framework
  • Reviewing and making recommendations on dispensation requests.
  • Maintain a risk view for a subset of ISR policies

Customers / Stakeholders

  • Group HSBC Executives and other senior management fora (GMB, FSVC, Group RMM, GAC, GOR etc.) where required by the Head of Information Security Risk Policy & Controls
  • Global Businesses and Global Functions including CEOs, COOs, CROs, BRCMs and their governance (e.g. RMCs) where required by the Head of Information Security Risk Policy & Controls
  • Regions and Countries CEOs, CROs and COOs as needed

Leadership & Teamwork

  • The role will require operating in a global environment as part of a team of resources collaborating as needed with the other ISR teams and the global business / functions
  • The role will involve the delivery of a number of high-profile and critical deliverables on behalf of the Head of Information Security Risk Policy & Controls (e.g. risk policy definition and framework review) that will require the input and collaboration of a large set of senior stakeholders within ISR and across the bank

Operational Effectiveness & Control

  • Influence others to drive implementation of solutions that align with the ISR Policies & Controls to ensure the Bank remains within its risk appetite
  • Effectiveness of the ISR Controls Design & Policy Framework
  • To review and process dispensation requests raised by businesses that pertain to the management of operational risk and control

Major Challenges

  • The role will face a number of challenges:
  • Embedding and optimizing of the new ISR Policy & Controls function into the new Global ISR Target Operating Model by extensively reviewing and improving existing processes
  • Adapt the risk and control approach to design of policies according to latest developments
  • Ensure that potential information and cyber security risk controls are accurately recognised and incorporated into policies in a timely, concise and apposite report
  • The jobholder needs to have independence of thought and lateral thinking to assist management in optimising the level of business control and maximising efficiency

Role Context

  • The importance of information and cyber security risk and control has increased over recent years and has been identified as the Bank’s top risk.
  • The jobholder’s ability to identify controls to be applied in policies around information and cyber security risk areas and key control weaknesses has a significant impact on businesses in meeting their strategic objectives.
  • The nature of the role requires close engagement with senior stakeholders globally. The jobholder is required to contribute to maintaining an excellent relationship with the Regulators and industry bodies in respect of information and cyber security risk.
  • The jobholder has to possess excellent knowledge on information and cyber security risks in order to develop a set of effective policies that can be implemented.
  • The role holder is expected to use discretion when handling any sensitive information, adhering to all relevant rules and regulations.

  • In addition, the jobholder is expected to be highly organized and to act independently and exercise broad discretion with minimal guidance and supervision.

Role Dimensions

  • No direct reports or direct budgetary responsibility

Management of Risk

  • The role is expected to adhere to all relevant FIM policies and operational risk guidelines

Observation of Internal Controls

  • Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.

Knowledge & Experience / Qualifications

  • Subject matter expert in information and cyber security i.e. Information Security, IT Audit or Risk related activities
  • Experience in designing and leading governance and policy frameworks
  • Knowledge of regulatory environment in the financial services sector
  • Knowledge of Information Security Risk policies and standards
  • Strong communications, presentation and influencing skills
  • Able to negotiate and interact effectively at senior levels.
  • Strong understanding of the Operational Risk framework, in particular RCAs and the RCL
  • Excellent analytical skills to undertake analysis and interpretation of information risk related data for various areas in order to inform the definition of new policies and policy updates
  • Exposure to an operations and control environment in the financial sector
  • Expertise in a relevant area i.e. Information Security, IT Audit or Risk related activities
  • Excellent technical writing skills to allow policies to be presented clearly, concisely and consistently
  • Need to have strong interpersonal skills to build and maintain relationships with a wide range of business stakeholders, even when conveying difficult messages that are required to protect the Bank

    Within HSBC certain roles are designated as Enhanced Vetting Roles. For these roles, all internal and external applicants are required (subject to local laws), to pass satisfactorily a series of additional checks both as part of the application process and, if successfully recruited into the Enhanced Vetting role, on an ongoing basis. The Group reserves its position with regard to any steps which it may take in relation to any material adverse findings which arise either when the checks are first carried out as part of this recruitment exercise, and / or if relevant, on an ongoing basis.

    This role has been designated as an Enhanced Vetting Role.

    For more information about the relevant additional checks for this role please contact the hiring manager.

    Under the Company's internal 'Back to Front' / 'Front to Back' transfer policy this role may be classed as High Risk. As a result, internal candidates may require enhanced approvals and vetting checks if they are currently employed in a Front Office department, or if they have worked in a Front Office department within the last 5 years (please refer to the HR FIM definition for further guidance).

    The enhanced approvals and vetting would need to be completed before the candidate will be confirmed in the role.

    We are an equal opportunity employer and are committed to creating a diverse environment.
