Operational and Resilience Risk, Data Resilience Manager, USA
Internship Arlington Heights (Cook) IT development
Job description
US Operational and Resilience Risk (ORR) is a sub-function of Group Risk. Its purpose is to ensure HSBC understands, and is in control of, its non-financial risk position. In addition, the function provides resilience risk stewardship to US businesses, functions and entities in which the US bank operates.
Data Resilience is the ability to provide critical services to HSBC’s customers, affiliates, and counterparties, during sustained or significant operational disruption related to data (i.e. quality) or information (i.e. data that has consumable business value to an end-user). The risk type focuses on confidentiality, integrity, and availability through the data lifecycle. Notably, data risk oversight related to legal (i.e. data privacy) and regulatory compliance (i.e. data localization, record management) topics is beyond the scope of this role.
The Data Resilience Manager will serve as a specialist as part of HSBC's second line of defence Operational and Resilience Risk team. The role holder will contribute their expertise in information technology, data quality monitoring (rules ensuring data is complete and accurate), data dictionaries (rules for validating data at capture or during maintenance), and data lineage (flow of data from system-to-system) to provide robust, credible, insightful and constructive oversight and challenge to first line of defence IT stakeholders. The role enables business-facing Operational and Resilience Risk teams to provide tailored expertise to risk owners.
The key accountabilities of the US ORR Data Resilience Manager role include:
· Risk Management Expert: Specialist in information technology for data security and/or data quality, data simplification, data analytics, commercialisation of data.
· Risk Taxonomy: Support the design, socialization, and implementation of the data-related elements of HSBC’s Information Technology and Cybersecurity risk and control taxonomy. Ensure robust oversight and credible challenge with clear expectations set with IT and business data Control Owners. Work closely with the first line of defense (including the USA Chief Data Officer and their respective teams) to agree required outcomes and remediation priorities.
· Risk Appetite: Monitor US Resilience Risk Appetite and oversee first line of defense reporting to governance committees. Work with US ORR Business and Functions teams to ensure US businesses understand the impact of any Resilience Risk appetite breaches that require changes to controls, resources and business operations.
· Risk Policy: Provide subject matter expertise and credible challenge on US Resilience Risk policy dispensations and risk acceptances.
· Change and Event Incident Oversight: Support the guidance, oversight and challenge of key data-related Information Technology and Cybersecurity Risk issues, material internal incidents, external events, and strategic bank change programmes to ensure risks are quantified and appropriate actions are taken.
· Risk Position and Challenge Papers: Help prepare evidence-based papers pertaining to data-related Information Technology and Cybersecurity Risk positions to US boards, Risk Management Meetings (RMMs), Control Environment Management Meetings (CEMMs), and related forums.
· Regulatory Awareness: Apply guidance on HSBC's adherence to data-related legislation and regulations from government organisations, regulators, and industry organizations.
Impact on the Business
· Within U.S. scope, provide credible challenge (1) across all data resilience risks, (2) across scenario analysis activities for both capital adequacy and IT risk management purposes, and (3) across data resilience elements of the RCA process and the use of the RR Risk and Control Library
· Responsible for the review of controls relating to data resilience risks
· Review of internal and external events for their focus area, to disseminate the insight and learnings applicable to key Products and Services across the business
· Oversee their focus area of 1LOD IT adoption of Standards, Processes and Procedures required to implement the Policy objectives
· Maintain ongoing visibility of their focus areas' key initiatives and help prioritize RR oversight according to IT risk
· Provide risk opinion, guidance and credible challenge to their focus area on dispensation requests
· Manage and maintain close oversight on various RR data-related incidents with a view to provide credible challenge that risk and impacts have been handled effectively
Customers / Stakeholders
· Influence and provide direction to the 1LOD and ORR Business & Functions team to ensure they fulfil own roles and responsibilities and manage data resilience risk according to the Group’s frameworks and within stated appetite
· Build and maintain relationships with external partners, regulators, industry bodies and others to keep up to date with developments
· Manage relationships with wider ORR team
Leadership & Teamwork
· Challenge and influence to ensure specialist advice and guidance is understood and followed
· Work in conjunction with ORR Business & Functions team and the wider RR Specialist team
· Support diversity and reflect the HSBC brand and organizational values.
Operational Effectiveness & Control
· Partner with ORR Business & Functions team and 1LOD to identify, measure, mitigate, monitor and report data resilience risks
· Partner with ORR Business & Functions team regarding implementation of country Internal Audit and ORR recommendations and directions for the improved use of the Risk Framework related to the specialist area
Desired profile
Qualifications:
Knowledge & Experience / Qualifications
· Subject matter expertise in one or more resilience technology risk categories (i.e. data security), including understanding of industry best practices, frameworks, and regulatory guidelines
· Understanding of risk management principles
· Ability to engage with first line of defense stakeholders
· Strong written communicator
· 3-5 years experience in related technology role(s)
· Bachelor's degree and/or professional certificate in related discipline
· IT, IT security, and/or risk management certifications preferred (including CRISC)
Key Capabilities
· Providing Expert Advice and Robust Challenge
· Delivering Risk Steward Policies
· Oversee, Review, and Challenge Risks and Controls
EEO/AA/Minorities/Women/Disability/Veterans