Head Of It Security Sub-Function – Identity And Access Management
Graduate job London (Greater London) IT development
Job description
Role Title: Head of IT Security Sub-Function – Identity and Access Management
Business: IT Security
New or Existing Role? New
Role Purpose
HSBC is organized by a number of lines of business and global functions. Two of these functions HSBC Technology Services (HTS) and Risk have respective departments, IT (composed of Software Delivery and IT Operations) and Information Security Risk (ISR) within them.
IT Security, in the first line of defence, will serve as the focal point in IT for security related activities ensuring that HSBC’s electronic based assets are monitored, managed, accessed and protected effectively so that only those people with a legitimate business need can access or modify them, when they need to do so.
Working with IT and Information Security Risk (ISR), IT Security will ensure that key security risks related to IT are identified, assessed and managed. The controls implemented must also be monitored for completeness, performance & efficiency.
The purpose of this role is to form the Identity and Access Management Security sub function focused on information security activities. The job holder will build and develop a global team to deliver identity management including authentication, authorization, privileges and review of actions, across all the Bank’s system boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks. Driving the ethos and practice that only the business will truly be able to determine the appropriateness of an individual being granted access to their data and therefore a focus will be placed on enabling the business to review and approve access to their data. The job holder will also ensure that all access where possible, must be granted without IT intervention and be centered on a single identity system. The job holder will need to ensure the following tasks are completed :
- Implementation of Security Technical Solutions and associated processes and controls
Access Management provisioning (including Privileged Access)
Risk Reporting
Monitor KRIs & KPIs
As part of creating the IT Security sub function the job holder will be expected to propose, gain acceptance and implement the team and processes associated with building a best in class IT Security function. The job holder will also be responsible for introducing controls to be able to demonstrate that IT is adhering to Information Security policies and process.
Forming the IT Security sub function will involve strong, organizational, man management and interpersonal skills as it will involve resolving the demarcation of current responsibilities and activities between IT and ISR
Key Accountabilities
Impact on Business
Driving Sustainable Growth. Develop the IT Security Sub-Function responsibly, engaging with colleagues across IT and ISR and wider to deliver sustainable operational plans in line with department strategy. Occasionally engaging with Senior Managers 2 levels above peers internally and externally including the likes of Finance, Legal and other global businesses, Leads and facilitates change through effective communication, preparation and implementation.
Achieving Excellence. Drive business performance, persevering under pressure. Ensure contingency is built into plans to cope with unexpected issues.
Innovation and Ideas Management. Drive innovation strategically, to gain competitive advantage. Take calculated, entrepreneurial risks to achieve the required outcomes. Generate an environment in which innovation is seamlessly embedded into working practices. Act as a visionary to lead disruptive innovation in a way that keeps the Group ahead of the competition and drives an innovative idea pipeline
Customers / Stakeholders
· Customer Focus. Lead a customer-centered culture, championing activities encouraging outstanding customer advocacy. Proactively seek opportunities to utilise IT Security services to improve a business operation. Typically on a peer to peer level, but occasionally engaging with Senior Managers 2 levels above peer, within function and externally. Key customers could include HSBC’s Global businesses, regularly engaging to support requirements
· Strengthening Stakeholder Relationships. Build relationships to influence decisions and ensure stakeholder advocacy, using organisational knowledge, key to this is the engagement with the other Heads of IT sub-function and peers across ISR and HTS.
Leadership & Teamwork
· Managing and Leading. Lead and develop the IT Security Sub-Function team, making sustainable decisions that protects and enhances HSBC’s values, reputation and stakeholder value. Actively encourages a learning culture. Authentically engages a diverse group of stakeholders including Legal, Audit, technology, and Global Businesses internally and externally vendors to influence the achievement of best outcomes for all stakeholders
· Collaboration. Lead collaboration by championing international and cross-business working and cross-cultural interactions in the best interests of customers, colleagues and the bank. Recognised internationally as a trusted ambassador for the organization, managing strategic relationships with professionalism and integrity to deliver win-win solutions.
· Coaching. Advanced coach / mentor Contributes to the establishment of good coaching and mentoring practices. Demonstrate alternative techniques for diagnosing and coaching individuals and teams.
Operational Effectiveness & Control
· Managing Risk Responsibly. Govern risk responsibly. Promote ethical management of risk across regions and business areas within their teams. Communicate changes in policy and governance effectively, reinforcing risk processes within their team.
· Financial and Budget Management. Manage department finances. Accurately interpret strategic financial information: makes insightful decisions in financial planning and programme performance monitoring. Identify and highlight financial implications of risks/ issues, involves stakeholders and manages budget variation as appropriate
Major Challenges
· Budget. On-going requirement to increase efficiencies, seek alternate sustainable solutions, identify sustainable savings to fund investment
· Internal and external relationships. Communicate and achieve active support for the implementation of IT and IT Security Target Operating Model and Strategy as it relates to the Sub-Function, from internal peers and external suppliers. Balance this globally aligned implementation with specific drivers at a regional and local IT Security level
· People. Lead and manage a team across multiple diverse cultures and geographies, implementing IT People Strategy, acting in a manner consistent with local practices, policies and regulations.
· Regulatory. Remain cognisant of local regulations which will influence and can constrain implementations.
· Strategic Input. Develop the goals and strategy of the Sub-Function, and ensure these are congruent with IT and vice versa. Ensure the Sub-Function is aligned to deliver these goals and strategy. Ensure peers in the same Function, other IT Functions and supporting Bank functions are clear of the aims of the strategy, identifying any areas of conflict and opportunity.
· Strategic input. The job holder has to work closely with ISR and IT functions to ensure the responsibilities and accountability between the two is clear. In general terms ISR will move towards being a policy setting, control, oversight and consultancy organization and IT will build and maintain IT systems together with their day to day operations. This will involve moving people between the two functions in accordance with the three lines of defence model. This will be challenging because of the existing blurred job roles and the skill set of the incumbents.
Role Context
Budget. Directs the prioritization of spend, ensuring value for money, balancing cost vs benefit
Internal and external relationships. Global responsibility for a significant part of one of IT Security’ functions.
People. Functional responsibility for people, expense, strategy and operation.
Regulatory. Develops procedures and policy in the context of IT frameworks. Collaborate with Regional peers to ensure compliance and adherence to regulations and policy
Strategic Input. As strategies evolve for IT and IT Security and for the Sub-Function, ensure they remain congruent with each other and the Bank’s strategy. Ensure full advantage is taken as IT globalizes its functions. Manage challenges where 3rd parties’ (internal and external) goals and strategies are not entirely aligned, seizing the opportunities these differences present.
Management of Risk
The jobholder will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.
The jobholder will also continually reassess the operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with entity management and/or the appropriate department
Influence on Department Strategy.
Observation of Internal Controls
· Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
· The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.
· The jobholder will implement the Group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply.
· This will be achieved by adhering to all relevant processes/procedures and by liaising with Compliance department about new business initiatives at the earliest opportunity. Also and when applicable, by ensuring adequate resources are in place and training is provided, fostering a compliance culture and optimising relations with regulators.
Role Dimensions
Budget and People – Typical budgetary signoff would be in the region of $300k , the overall cost of the sub-functional budget will differ greatly depending on whether the Sub-function supports a technology function, Typical budget for the sub-function would be up to $25M, Approximately the direct headcount would typically be 8, with an indirect headcount up to 300 staff, This role will also include functional and entity responsibility.
Relationships
- Internal relationships extend to peers across other function within IT, ISR, HTS and externally to HSBC global businesses, and will also include external relationships with vendors, typically Audit Legal, and Technology where the need arises.
Regulatory. Drives Implementation, Governs Risk Responsibly, Promotes ethical management of risks, communicates changes in policy and governance effectively, Ensures in country regulatory processes and procedures are adhered to.
Strategic Input. Monitoring the Strategy, developing and defining the sub-function strategy
Desired profile
Knowledge & Experience / Qualifications
Typically educated to degree level
Extensive experience in a managerial role within an IT/IT Security or related field, including experience of managing a global function with a geographically dispersed team
Ability to build strong relationships and communicate with a wide spectrum of stakeholers
Excellent knowledge of the project lifecycle and Group Strategy
Understanding of business finance and experience of effective managments of budgets and expenditure
Comprehensive understanding of positioning Bank approach and policy in context of wider industry trends and direction
Within HSBC certain roles are designated as Enhanced Vetting Roles. For these roles, all internal and external applicants are required (subject to local laws), to pass satisfactorily a series of additional checks both as part of the application process and, if successfully recruited into the Enhanced Vetting role, on an on going basis. The Group reserves its position with regard to any steps which it may take in relation to any material adverse findings which arise either when the checks are first carried out as part of this recruitment exercise, and/or if relevant, on an ongoing basis.
This role has been designated as a Enhanced Vetting Role.
For more information about the relevant additional checks for this role please contact the hiring manage
About HSBC
HSBC est l’une des plus grandes banques internationales avec une présence dans plus de 85 pays dans le monde. Elle a été créée en 1865 sous le nom de « The Hongkong and Shanghai Banking Corporation », et son siège social est basé à Londres. En France, HSBC totalise environ 400 agences et près de 10 000 salariés, avec une spécialisation dans plusieurs activités : une banque pour les particuliers, spécialisées notamment dans la gestion de patrimoine, une banque privée (gestion de fortune), une banque d’entreprises, qui s’appuie sur le réseau de l’ensemble du groupe HSBC dans le monde, et une banque de financement, d’investissement et de marchés. En 2012, HSBC France a réalisé un résultat avant impôt de 450 millions d’euros.