Business Information Risk Officer
London, UNITED KINGDOM IT development
Job description
Role Title: Business Information Risk Officer
Business: GBM
New or Existing Role? New
Grade: GCB4
Role Purpose
· The UK Business Information Risk Officer (BIRO) is responsible for engaging with business heads and COOs in the country to drive the management of Information Security & Cyber risk. The BIRO will shape and drive delivery of the information security and cyber risk management activities.
· This will require an understanding of the Global Banking & Markets business as well as the technology, technology controls, control gaps and remediation, along with review and challenge of the Business Risk & Control Assessments (RCAs), providing SME input relating to all aspects of risk management (assessment, controls, remedial actions) of the information security and cyber risks in the RCAs.
· The UK BIRO will have the following key responsibilities & accountabilities:
· Engaging with business heads and COOs to ensure they understand their information security & cyber risk profile and proactively drive remediation for areas under their controls.
· Responsible for providing information security, cyber and technical SME input to the business in support of their risk management activities, translating technical risk and control-related aspects to non-technical business
· Responsible for undertaking deep dives of cyber and information technology issues, as directed by the Chief Control Officer and recommending practical remediation activities.
· Driving quality information security risk assessments in the RCAs, ensuring gaps are identified and appropriate remedial actions agreed. Supporting the business in developing and executing appropriate monitoring for key controls.
· Responsible for understanding technology, issues and remediation and translating into Business risk. Able to drive and influence adoption of Business requirements in Technology and wider organisational remediation programmes.
· Accountable for taking the lead for pan-GBM information risks, ensuring these are understood, assessed & documented in RCAs.
· Responsible for providing Business and GBM CCO management with a view of their information risk landscape in country through appropriate metrics and timely updates.
· Responsible for engaging with 2LoD (second line of defence) functions, responding to 2LoD requests and ensuring 2LoD observations are understood and, where required, remediation plans are in place.
· Responsible for engaging with key Group Functions such as Cybersecurity and IT, ensuring that non-GBM-led remediation is understood and GBM responds appropriately.
· Accountable for developing and maintaining an engaged and active network of security champions (Department BIROs, DBIROs), ensuring DBIRO responsibilities are understood and executed to drive wider understanding of information security risk
· Responsible for cultivating a culture of information security awareness & good conduct through regular communications, awareness, training and cultivating an engaged and knowledgeable DBIRO network
Major Challenges
· Bring to bear a broad range of skills related to information technology, information security & cyber, and risk management in an investment bank
· Objectives will be achieved via matrix management rather than direct control of resources, so strong influencing skills are essential to drive results, particularly when fostering support from senior executives, CCOs, Control Owners and DBIROs across the Global Businesses.
· Engaging key stakeholders from differing disciplines, Business, Cybersecurity, Information Technology, ISR, Operational Risk.
· Outstanding communication skills are required to manage expectations, drive opinion and effect change across all stakeholder groups
· In line with the overarching GBM strategy, the implementation of new processes/policies must be globally consistent.
Role Context
The jobholder:
· Will be in close working contact with senior managers/executives and will need to maintain credibility and influence at all levels
· Is a member of a range of global and country/regional committees and working groups with different objectives and seniority levels
· Is accountable for driving the implementation of global and GBM specific information security and cyber risk management activities and drives the business' information security risk management
· Effectively implements the information risk framework and is the subject matter expert in the country
· Will support projects and processes that will have a significant impact on all GBM employees and businesses as required
· Is required to be flexible enough to adapt to multiple disciplines: business/control, risk/project management, persuasion/collaboration
Observation of Internal Controls
· Maintain HSBC internal control standards
· Facilitate compliance with policy through the implementation of GBM information security requirements and management of the DBIRO network
· Engage with CCOs, Information Security Risk, internal and external audit on information security & cyber related issues and oversee the resolution of information risk audit points and MSII
· Maintain a strong compliance culture that adheres to the spirit and the letter of all laws, regulations and Group Compliance policies which apply to area of responsibility
Desired profile
Qualifications
Knowledge & Experience / Qualifications
Technical Skill Requirements
· Strong understanding of information security & cyber risks and potential mitigating actions, industry / good practice risk/control frameworks
· Strong understanding of information technology and technology control requirements as well as associated industry frameworks
· Good understanding of related risk/control disciplines (Operational Risk,
· Flexibility in working arrangements, as the role will require travel and irregular working hours
Educational Requirements
· Information Security certifications (e.g. CISA, CISM) will be an advantage
Personal Skill Requirements
· Highly developed influencing and relationship management skills, particularly at the senior business level
· Excellent written communication, research and analytical skills
· Good negotiating skills
· Ability to work autonomously, under minimal supervision
· Good team and network management skills
Experience
· Managing information security in financial services, preferably an investment bank
· Management or review of technology risks and controls
· Performance of risk and controls assessments related to information technology and information security
As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation.
We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies.
https://www.hsbc.co.uk/1/2/popups/uk-privacy-statement#/overview