Encryption Oversight Analyst
Arlington Heights (Cook) IT development
Job description
The HSBC Cryptography team looks after the encryption technology and key material which protects, validates and assures critical functions and billions of pounds worth of transactions across the organisation.
The purpose of this job is to ensure that the team act according to procedures, standards and best practice at all times when handling
Impact on the Business
· Provides observation and independent reporting on cryptography related activities undertaken by the cryptography team.
· Ensures that all activity is undertaken to appropriate standards of behavior and in compliance with the standards set by HSBC and those set by external organisations
· Plan and perform oversight review, perform crypto assessments, review crypto related control process and procedures
· Ensure crypto related inventory controls (key and HSM) are maintained
· Support the attestation of design and operation effectiveness control
· Provide guidance and consultation in new crypto technology, process and control
· Maintain risk registry for dispensations and findings
Customers / Stakeholders
· Report progress and identify and raise any issues/risks, escalating as appropriate to enable satisfactory resolution.
· Build trusting relationships with stakeholders by consistently meeting and delivering upon their business needs; demonstrating and being respected for your domain knowledge.
· Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets.
The key stakeholders for this role are:
· Cryptography service delivery analysts
· Internal attestation and reporting teams
· Communicate findings and assess/articulate risks in timely manner in form of executive reports
Leadership & Teamwork
· Support peers who deliver and maintain the bank's encryption technology by providing guidance and supporting the team in complying with the standards that apply to their activities
Operational Effectiveness & Control
The aim of the role is to provide oversight which can feed into audits and reviews undertaken into the cryptography team's work.
To this end all documentation must be completed accurately and completely and correctly stored for future reference.
The role holder should challenge activity which is outside the risk appetite of the business.
Management of Risk
The jobholder will ensure the fair treatment of our customers is at the heart of everything we do, both personally and as an organisation.
This will be achieved by consistently displaying the behaviours that form part of the HSBC Values and culture and adhering to HSBC risk policies and procedures, including notification and escalation of any concerns and taking required action in relation to points raised by audit and/or external regulators.
The jobholder is responsible for managing and mitigating operational risks in their day to day operations. In executing these responsibilities, the Group has adopted a risk management and internal control structure referred to as the ‘Three Lines of Defence’. The jobholder should ensure they understand their position within the Three Lines of Defence, and act accordingly in line with operational risk policy, escalating in a timely manner where they are unsure of actions required.
Through the implementation of the Global AML, Sanctions and ABC Policies, supporting Guidance, and Line of Business Procedures the jobholder will make informed decisions in accordance with the core principles of HSBC's Financial Crime Risk Appetite.
The following statement is only for roles with core responsibilities in Operational Risk Management (Risk Owner, Control Owner, Risk Steward, BRCM, and Operational Risk Function):
The jobholder has responsibility for overseeing and ensuring that Operational risks are managed in accordance with the Group Standards Manual, Risk FIM, & relevant guidelines & standards. The jobholder should comply with the detailed expectations and responsibilities for their core role in operational risk management through ensuring all actions take account of operational risks, and through using the Operational Risk Management Framework appropriately to manage those risks.
This will be achieved by:
· Continuously reassessing risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
· Ensuring all actions take account of the likelihood of operational risk occurring, addressing areas of concern in conjunction with Risk and relevant line colleagues, and also by ensuring that actions resulting from points raised by internal or external audits, and external regulators, are correctly implemented in a timely fashion.
Observation of Internal Controls
The jobholder will adhere to, and be able to demonstrate adherence to, internal controls and will implement the Group compliance policy by adhering to all relevant processes/procedures.
The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.
Desired profile
Qualifications:
· Background understanding in crypto technologies applicable to financial services, cloud security, data security, internet and cyber security.
· Basic programming in Java, Python or similar language.
· PCI QSA, CISA/CISM, CISSP, ITIL preferred. Working knowledge of Internal Control and Compliance a plus.
EEO/AA/Minorities/Women/Disability/Veterans