GPB UK & CI Business Information Risk Officer (BIRO)
City of London (Greater London) Accounting / Management control
Job description
Role Title: GPB UK & CI Business Information Risk Officer (BIRO)
Business: Private Banking
New or Existing Role: Existing
Grade: GCB4
Role Purpose
The Regional Business Information Risk Officer (BIRO) is responsible for providing timely and quality advice to the business and shaping the information security and cyber risk management activities in the region by actively participating in the RCA process and providing SME input relating to all aspects (risks, controls, remedial actions) of the information security and cyber risks in the RCAs. The Regional BIRO is not responsible for building the system infrastructure or for any information technology activities which fall under the remit of the Cyber Security Function. The Regional BIRO is:
· Responsible for providing information security and cyber risk SME input to the business in support of their risk management activities, translating technical risks and control related aspects to non-technical business
· Supporting the business in ensuring that information security risks in the RCAs are adequately assessed, documented, gaps identified and appropriate remedial actions agreed. Support the business in developing and executing appropriate ICMPs
· Accountable for taking the lead for pan-PBGB/PBCI risks, ensuring these are adequately understood, assessed and documented in RCAs
· Responsible for providing Business with a view of their information risk landscape through appropriate metrics and timely updates
· Serve as the cyber and information security SME for the Business, translating technical controls, Group remediation and other information into business-understood terms which help drive risk management
· Responsible for undertaking deep dives of cyber and information issues, as directed by the Chief Control Office and recommending practical remediation activities to the Business
· Responsible for engaging with Country and local ISR and other 2nd LOD functions, responding to 2LoD requests and ensuring 2LoD observations are understood and, where required, remediation plans are in place
· Accountable for developing and maintaining an engaged and active network of Department BIROs, ensuring Department BIRO responsibilities are performed as documented in the Department BIRO Roles & Responsibilities
· Responsible for cultivating a culture of information security awareness & good conduct through supporting regular ISR communications, awareness and training by engaging a knowledgeable Department BIRO network
· Responsible for assisting the Business in the identification, documentation and resolution of information risk issues and control gaps
· Responsible for engaging with key supporting functions like Cybersecurity, ITID, HOST etc., ensuring that non-GPB/PWS-led remediation is understood and the Business responds appropriately
· Report functionally to the GPB Lead BIRO and to the Regional BRCM covering the UK and C.I. and become a member of the GPB CCO organisation
· Support the GPB Lead BIRO in the embedding of a consistent Global risk management framework
Desired profile
Qualifications:
As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation.
We want everyone to be able to fulfil their potential, which is why we provide a range of flexible working arrangements and family-friendly policies.
We are an equal opportunity employer and are committed to creating a diverse environment.