Cybersecurity Principal Researcher

Job description

Global Cybersecurity Operations (GCO) provides a coordinated suite of “Network Defense” services, responsible for detecting and responding to information and cybersecurity threats to HSBC assets across the globe and is under the management of the Head of Global Cybersecurity Operations. This includes dedicated functions for the Monitoring and Detection of threats within the global estate as well as Cybersecurity Incident Management and Response activities. These two principal functions are supported by additional internal GCO capabilities in; Cyber Intelligence and Threat Analysis, Cybersecurity Sciences and Client Engagement and Support Services. Critical to the success of GCO is its close partnership with sister Cybersecurity teams, IT Infrastructure Delivery and Global Business and Function clients. The overall GCO mission is placed under the purview of the Group Chief Information Security Officer (CISO).

The Cybersecurity Sciences Team are charged with developing innovative solutions that augment current capabilities, automate existing processes and develop the next generation of tools, techniques and procedures to continually improve effectiveness and efficiency across the GCO business lines.

This small, but highly skilled and specialized team maintains subject matter expertise across a range of relevant topics, stays abreast of the latest adversary tactics, techniques and methodologies and maintains the domain knowledge of advanced cyber security techniques and procedures. This knowledge base is maintained through close partnerships across HSBC and global engagements with industry, academia, and government.

Cybersecurity sciences will identify opportunities for improvement across multiple HSBC sectors, to improve the overall mission landscape by innovating and evaluating solutions, through the creation of prototypes, pilots, funded research and development efforts. They will work with sister Cybersecurity teams to transition these capabilities into operational services. In addition, the team will engage in special projects on behalf of GCO and provide specialist advice to HSBC Leadership.

This mission is critical to the protection of HSBC customers, the HSBC brand, HSBC information, financial assets and ultimately shareholder value, through ensuring HSBC remains a market leader in protecting our customers and assets.

The Cybersecurity Principal Researcher is accountable for:

· Developing new and innovative approaches that will later become a business as usual capability.
· Advising HSBC leadership on the latest trends in cyber security research and best practices, through close collaboration and engagement across HSBC and with industry, academia, and government.
· Spearheading the next generation of cyber security tools techniques and procedures through the creation of prototypes, pilots, and funded R&D efforts to enhance analytic capabilities, improve defensive postures and ensure maximum efficiency across the GCO.
· Identification of new and innovative methods for improving situational awareness and countering advanced threats across the Group.
· Prototyping internal HSBC capabilities, leveraging the global HSBC footprint, enabling the team to fully understand the latest tactics, techniques and procedures of advanced adversaries, through direct observation and manipulation.
· Participation in and support of external offensive engagements with industry partners, law enforcement and the wider security community, that projects HSBC expertise in protecting the bank and its customers against systemic threats.
· Establishing HSBC as a leader in information security through contributions across multiple sectors in industry, academia and government.
· Supporting the development of a “self-critical” culture, whereby identification of weaknesses in the bank's control plane (people, process and technology) are brought to light in an effective manner and addressed through performing strategic assessments that analyze the processes, techniques and procedures across the HSBC mission areas.
· Participation in special projects on behalf of HSBC and GCO Leadership.
· Working with the HSBC Leadership team to ensure the successful transition from research to standard business practices to improve HSBC's security posture and business processes.
· Establishing HSBC as a valued contributor to information sharing efforts across the industry that helps to drive a positive image of the bank with our peers and regulators in the markets we serve.
· Transitioning prototypes and research to HSBC Cybersecurity teams for production and global deployment.

Impact on the Business

· Supports the development of the Global Cybersecurity Sciences function, engaging with colleagues across Cybersecurity and other IT functions to drive and deliver sustainable operational plans in line with department strategy.
· Leads and facilitates change through clear strategy, operational planning and effective communication and stakeholder management.
· Drives business performance, clear thinking and utilizes experience whilst under pressure.
· Delivers sustainable business outcomes.
· Responsible for building effective technology and process control capability that is continuously re-factoring to meet evolving security and compliance needs
· Works closely with peers and business leads to build and implement controls in alignment with risk-posture, architectural constraints, company strategic direction and industry trends and best practices.
· Drives delivery of the highest standards and outcomes, inspiring others to do the same. Focuses on medium and long term goals even when under pressure or facing uncertainty. Manages expectations, results and impact of agreed outcomes, thinking ahead to identify and overcome potential issues.
· Strategically drives innovation to gain competitive advantage, taking calculated, entrepreneurial risks to achieve business outcomes. Generates an environment in which innovation is seamlessly embedded into working practices.

Customers / Stakeholders

· Leads a customer-focused and collaborative culture by championing customer and stake-holder engagement throughout the team.
· Demonstrates an understanding of customer and stakeholder requirements by providing specialist input and knowledge and having a detailed understanding of the different short and long term shifts in business/function patterns of activity and demand.
· Understands and interprets developments and changes in future business requirement and ensures the appropriate reaction and response through discourse and the implementation of relevant, security focused, technical and procedural solutions.
· Strengthens stakeholder relationships and enhances key relationships using rapport-building expertise and appropriate influencing skills to add and increase stakeholder advocacy. Key relationships to include Functional heads across the other HOST functions and external account managers for third party suppliers and vendors, along with other regional counterparts across the globe, Cultivate strong relationships with organizationally important global and/or high value stakeholders with a tailored approach.

Leadership & Teamwork

· Supports the development of the Cybersecurity Operations teams, making sustainable decisions that protects and enhances HSBC's values, reputation and stakeholder value.
· Actively encourages a learning culture, encouraging collaboration and cross-functional working to develop and nurture teams and identify talent.
· Authentically engages a diverse group of stakeholders internally and externally to influence the achievement of best outcomes for all stakeholders.
· Builds rapport and mutual understanding to communicate and create opportunities for cross-business and/or international working, encouraging debate and open discussion. Encourages people to build sustainable relationships beyond transactional levels and use empathy and insight to build better understanding of mutual benefits.
· Advanced coach / mentor contributes to the establishment of good coaching and mentoring practices. Demonstrates alternative techniques for diagnosing and coaching individuals and teams.

Operational Effectiveness & Control

· Governs risk responsibly. Promotes ethical management of risk across regions and business areas within their area of responsibility.
· Communicates changes in policy and governance effectively, reinforcing risk processes within their area of responsibility.
· Builds and sustains a risk aware culture. Shows integrity whilst promoting and managing relevant monitoring and reporting requirements within their area of responsibility.
· Embeds efficient risk and compliance processes and procedures into business as usual practices.
· Builds collaborative relationships, defines and articulates to stakeholders the targeted benefits for a change intervention.
· Demonstrates effective financial skills to develop a detailed business case, including investments, detailed benefits (financial, non-financial and strategic) and link to overall finances of the business.
· Identifies and highlights financial implications of risks/issues, involves stakeholders and supports management of budget variation as appropriate.

Management of Risk

· The jobholder will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.
· The jobholder will also continually reassess the IT Security and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
· This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with entity management and/or the appropriate department.

Observation of Internal Controls

· Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
· The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified IT security risks.
· The jobholder will implement the group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance' embraces all relevant financial services laws, rules and codes with which the business has to comply.
· This will be achieved by adhering to all relevant processes/procedures and by liaising with compliance department about new business initiatives at the earliest opportunity. Also and when applicable, by ensuring adequate resources.

Desired profile

Qualifications :

Skills
·  A background in technical research and development.
·  Proven experience in identifying and responding to advanced attacker methodologies both within the corporate environment as well as external attack infrastructures.
·  Excellent understanding of HSBC cyber security principles, global financial services business models, regional compliance regulations and applicable laws.
·  Excellent understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including; OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
·  An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative and actionable manner.
·  Ability to orchestrate, manage and successfully implement major procedural and technological change within a complex, global organisation.
·  Proven ability to collaborate across industry, academia and government to solve complex cyber security problems.

Technical Skills

·  Expert level knowledge and demonstrated experience in advanced adversary tactics, techniques and procedures, both from an offensive and defensive perspective.
·  Expert level knowledge and demonstrated experience in architecting and automating highly complex analysis for identification, detection and response.
·  Expert level knowledge and demonstrated experience in developing and deploying real-time analysis capability of large scale and often diverse data sets, that enable more effective, efficient and coordinated defense capabilities.
·  Experience interfacing with technology teams to bring lab concepts to market within an organisation and building effective operational models to ensure capabilities are able to be fully utilized and grow to meet the needs of the team.
·  Expert level knowledge in the thought process, methodologies and techniques used by advanced criminal and nation state adversaries spanning multiple aspects of the security domain.

Industry Experience and Qualifications

Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:

·  5+ years of experience in a senior security researcher role or similar.
·  Experience within an enterprise scale organisation, preferably in the finance or similarly regulated sector.
·  Industry recognized cyber security related certifications including; CEH, EnCE, CRISC, SANS and/or CISSP.
·  Formal education and advanced degrees in Information Security, Cybersecurity, Computer Science or similar and/or commensurate demonstrated work experience in the same
·  Scientific publication and/or experience presenting at major industrial conferences.
·  Experience leading geographically distributed team that are composed of individuals matrixed across different business lines.
EEO/AA/Minorities/Women/Disability/Veterans