Job description
The role of the Application Security Engineer - Tooling SME supports a number of technologies and services across a globally dispersed team. This includes cryptography and encryption technology, Data Loss Prevention, Security Infrastructure and vulnerability management. These collective teams assure critical functions and billions of pounds worth of transactions across the organization.
The Application Security Engineer – Tooling Subject Matter Expert (SME) is charged with protecting the HSBC brand, shareholder value, information and financial assets, managing a team across the globe in the following ways:
· Supporting the delivery and operating Strategy
· Providing key representation for and source of expertise on all issues.
· Support the delivery of tooling to implement controls ensuring compliance with HSBC Information Security policies and standards globally including any regulatory requirements.
· Collaborate to drive the implementation of the enterprise wide and regional / business level IT Strategy.
· Ensure information security requirements are adhered to globally by ensuring effective compliance and measures are in place.
· Work closely with the team as the first line of defence function and understand strategy while maintaining visibility of their IT security risk profile, exposures and control effectiveness, and provide robust challenge to the same audience when information security risk appetites are breached.
· Drive engagement with all relevant regional and global stakeholders (cyber security colleagues across Strategy and Architecture, Security Shared Services, Security Engineering and business and IT Functions).
Your responsibilities will include:
· Ensuring any decisions, services and technology are delivered and run in a compliant, effective manner and deliver appropriate benefit to the business.
· Provide technologies that better help the business grow and develop. Ensure that the business requirements are fully understood whilst ensuring the HSBC Security vision is delivered in line with business expectations.
· Provide advice, guidance and support to the business
· Work with IT and Business stakeholders to proactively deploy and build out technology solutions to help reduce risk while acting within the overall business risk appetite.
· Support a customer-centred culture, championing activities encouraging outstanding customer advocacy. Proactively seek opportunities to maximize IT security to improve business operations.
· Support key relationships in global cyber security and local IT. Cultivate strong relationships with organisationally important global and local stakeholders with a tailored approach
· Understand the financial services industry security and threat landscape
· Promote collaboration with relevant functions (IT, Risk, etc…). Grow local staff in the global IT Security function.
· Create a collaborative environment within the team, and externally with other teams (such as IT, ISR, Audit, etc.).
· Work with integrity and always with the business in mind
· Adopt and roll-out global tools and processes when available. Understand the global IT Security expectations and drivers, to align frameworks. Engage with global teams to perform global tasks.
· Manage impacts of risk and control frameworks. Track and remediate any issue, finding or recommendation. Contribute when required to global and regional audits.
The ideal candidate for this role will have the below experience and qualifications:
· Typically educated to degree level or equivalent and the ability to demonstrate experience within an IT and Cyber Security environment
· Industry qualifications (CISSP, CISA, CISM) are desirable
· Experience with the following tools - IBM AppScan, Contrast Security, Checkmarx, Fortify, Tenable Nessus, Confluence, JIRA
· Technical skills – Linux, Windows, WAF/RASP/IAST/DAST, troubleshooting, Shell Scripting are desirable
· Ability to build strong relationships and communicate on complex IT Security issues within a wide spectrum of stakeholders and able to advise on technical matters to a non-technical audience
· Cyber Security experience with a specific focus on application tooling (Static, Infrastructure, Real time and Dynamic Security tooling and processes)
· Experience of building and deploying tooling to support Application Security tooling strategies
· Experience of Web Security technology aimed at the application layer – e.g. Web Application Firewalls
· Experience of working within a highly regulated environment
· Excellent written and spoken communication skills; an ability to communicate with impact, ensuring complex information is articulated in a meaningful way to wide and varied audiences
· A track record of making complex business decisions with authority, even in times of ambiguity, considering the potential long term risks and implications
· Experience of creating and deploying comprehensive business/operating plans which consistently deliver desired results
· A comprehensive understanding of risk management and proven experience of ensuring own/others' compliance with relevant regulatory processes
The base location of this role will be Sheffield.
HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment.