Role Title: ISR Assurance Analyst
Business: Information Security
New or Existing Role: New
· The ISR Assurance Analyst role is part of the ISR Assurance team within Information Security Risk. The role of the ISR Assurance Analyst is to assist in the production and preparation of KRI data for the Assurance team as part of planning and preparation for the Assurance Reviews. The role holder will also be responsible for providing governance around the Assurance reviews, ensuring all reviews are carried out on time.
Impact on Business
· Analysis of the Information Security Risks faced by the GB/GFs.
· Reviewing KRIs and the risk position of a GB/GF, region, or country
· Providing monitoring of GB/GFs' adherence to applicable regulations and analysis of impacts from/exposure to upcoming changes in regulations
Customers / Stakeholders
· Lead on the preparation of risk analysis and KRI data for the ISR Assurance Review team as part of the planning and preparation for Assurance Reviews
· Liaising with interested parties including Audit, and other 2LoD functions external to ISR such as Operational Risk
· Providing analysis and explanation of the changes in the Information Security Risk position
Leadership & Teamwork
· Collaborating effectively with SMEs from across the ISR teams to understand changes in the Information Security Risk position
· Collaborate with ISR colleagues in other regions and countries to monitor and understand the Information Security Risk position for the GB/GFs
· Work with the ISR Information Managers to support the definition, review and update of the Information Security Risk KRIs
Operational Effectiveness & Control
· To support the end-to-end Assurance review process
· To provide regular reporting on assurance for various stakeholders as and when required
· To maintain effective communication with other ISR teams, 2LoD functions, Internal Audit, and GB/GF contacts.
· Complete other responsibilities, as assigned
· Assist in the planning for all Assurance reviews, collating data from the Risk Analysis team
· Establish ISR Assurance analysis as a useful resource for the new 2LoD ISR teams
· Create effective relationships with ISR GB/GF Oversight and Regional representatives through the provision of regular and ad hoc reports
· Support the development of a risk assurance analyst reporting framework
· Regulatory punitive damages and censures possible in the event of Information Security weakness and/or failures
· Potential significant reputational damage and consequent share price impacts due to Information Security incidents
Management of Risk
· The role is expected to adhere to all relevant FIM policies and operational risk guidelines
· Provide analysis of the exposure of the GB/GFs to information security risks, highlighting vulnerabilities, increases in risk, and risk position on emerging risks
Observation of Internal Controls
· Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
· Monitors adherence to the Information Security Risk policies (B.10.x) in the Global Risk FIM, the effectiveness of controls set up to implement these policies, and adherence to relevant regulations.