Insider Risk Monitoring Specialist

  • Geneva (Genève)
  • IT development

Job description

Role Purpose

The Insider Risk Monitoring Specialist supports the identification, protection, detection and response (REACT process) of the risk associated with employees, contractors or 3rd parties, linked to information handling and protection. He/She ensures the appropriateness of information security / IT Security measures and controls and the timely detection of breaches, and reports to the relevant stakeholders.

The team is responsible for the overall oversight of controls and monitoring related to information protection, in line with the Insider Risk / People Risk framework. It also performs a certain number of IT Security controls and monitoring activities.

The ISR Insider Risk Monitoring Specialist will work closely with the various stakeholders responsible for IT operations and IT Security controls for Private Bank.

The role requires high integrity and diplomacy due to the sensitive nature of the work and information handled.

Principal Accountabilities:

Impact on the Business
· Operate and take ownership of the different monitoring platforms under the team's management, review the security logs and ensure appropriate actions are taken in a timely manner.
· Ensure Insider Risk BAU activities are done efficiently and in a timely manner, including the different controls linked to the People Risk framework and 1st line activities (SOX controls such as failed login or database monitoring, violation of IT policies, IT Security controls).
· Assist the team in responding to and investigating information security incidents, system breaches and any data leakage incidents.
· Develop incident response procedures and monitoring documentation, or keep them up to date.
· Assist IT staff in identifying security exposures. Work with IT technical staff to recommend corrective action and propose information security enhancements.
· Complete other related information protection duties as assigned.
· Key objectives delivered to plan
· BAU activities, including but not limited to log review, DLP monitoring, Guardiums, and controls are performed with care and in a timely manner
· Violations are escalated when needed
· Controls and monitoring are efficient and aligned with the Bank's risk appetite
Customers / Stakeholders
· Building and deepening relationships with key stakeholders at all levels, including IT Security, Host.
· Grow the collaboration with the various IT Security teams and Group SOC, to ensure information sharing on threat and risk indicators.
· Assist the 1st line of defense, providing guidance when needed.
· Ensure a systemic approach to information / IT security by having a transversal view. Develop and foster relationships across the organization.
· Risk opinion and guidance provided to HTS (IT) and various stakeholders
· Information and IOCs (Indicators of Compromise) are shared amongst the Cyber Intelligence community
Major Challenges
· The role holder needs to establish and maintain very good working relationships with a wide range of stakeholders, also based in other locations. The challenge is to be open to other points of view and to collaborate efficiently.
· The role holder is exposed to a large volume of information related to a wide range of topics. The challenge is to stay focused on the essentials, to prioritise tasks and to have a risk-based and pragmatic approach.
· Dealing with rapid and continuous changes in technology resulting in new security vulnerabilities and the on-going evolution of related information security regulations. Information Security Risk has become more critical and complex as technology continuously evolves. Also, continuous change in the organization and its processes fosters the need for continuous adaptation and for challenging the controls' effectiveness.
· Insider threat poses a major concern across the bank and the industry, but it is a relatively new topic, as the traditional notion of cybersecurity focuses on attacks that arise from external threats. As the team and the topic are in their infancy, work needs to be done to continue to build a framework of controls, develop and mature the monitoring activities, and educate the Group on this cybersecurity topic.
Role Context
· The position is located in the Information Security Risk function, which reports into the Security Risk function.
· The role at GPB level covers the coordination and oversight of the Information Risk 2nd line of defence within all GPB HSBC entities undertaking a Private Banking activity, including remaining 1st line controls and monitoring activities currently still performed within the GPB ISR team.
· Given a past incident within PBRS and the role internal employees have in information protection, a People Risk Framework has been created in Switzerland. The Insider Risk team was created during the re-shaping of ISR, with the mission to support, develop and promote the People Risk Framework. The team acts as SMEs and advisors on all risks related to insiders (monitoring, detection, investigation, mitigating controls) and also provides guidance and assistance for specific projects (hand-over, …).
Management of Risk
· The jobholder will also continually reassess the operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.

Observation of Internal Controls
· Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
· Understands, follows and demonstrates compliance with all relevant internal and external rules, regulations and procedures that apply to the conduct of the business in which the jobholder is involved, specifically Internal Controls and any Compliance policy including, inter alia, the Group Compliance policy.
Role Dimensions
· This role typically is the main business and ISR contact for any matters related to threat or breach of information security caused by employees. It is focused on the monitoring and the detection of any breach of our policy. It includes the steps related to Security Incident Response (detect, investigate, remediate and recover). Particular focus of the insider risk is on the prevention and detection of any breach with the IT security tool we operate.

Desired profile

Knowledge & Experience / Qualifications
·  At least 3 years in IT/Information security and/or IT and/or Audit and/or risk management
·  At least 3 years in an international environment with large scale IT operations
·  Experience within IT/Information Security in the financial sector is an asset
·  Understanding of advanced security protocols and standards.
·  Good communication and interpersonal skills, ability to communicate effectively with staff at all levels
·  High level of professional ethics, rigorous-minded, versatile and pragmatic
·  Proactive-minded, self-starter and autonomous
·  Team player, ability to work under pressure
·  Good organizational skills, multicultural sensitivity and dynamism
·  High level of discretion and integrity
·  Ability to keep personal expertise up to date amid rapid and continuing changes in technology
·  A holistic understanding of attack vectors and current threats and the ability to create high quality deliverables is essential for this role. A background in computer forensic practices and procedures, basic investigations, and evidence handling is an advantage.
·  The role is subject to the enhanced vetting process

Within HSBC certain roles are designated as Enhanced Vetting Roles. For these roles, all internal and external applicants are required (subject to local laws), to pass satisfactorily a series of additional checks both as part of the application process and, if successfully recruited into the Enhanced Vetting role, on an on-going basis. The Group reserves its position with regard to any steps which it may take in relation to any material adverse findings which arise either when the checks are first carried out as part of this recruitment exercise, and/or if relevant, on an ongoing basis.
This role has been designated as an Enhanced Vetting Role.
For more information about the relevant additional checks for this role please contact the hiring manager.

Under the Company's internal 'Back to Front'/'Front to Back' transfer policy this role may be classed as High Risk. As a result, internal candidates may require enhanced approvals and vetting checks if they are currently employed in a Front Office department, or if they have worked in a Front Office department within the last 5 years (please refer to the HR FIM definition for further guidance). The enhanced approvals and vetting would need to be completed before the candidate will be confirmed in the role.

We are an equal opportunity employer and are committed to creating a diverse environment.

Make every future a success.