Operational and Resilience Risk, Technology Risk and IT Change Manager, USA
Internship Arlington Heights (Cook) Sales
Job description
US Operational and Resilience Risk (ORR) is a sub-function of Group Risk. Its purpose is to ensure HSBC understands, and is in control of, its non-financial risk position. In addition, the function provides resilience risk stewardship to US businesses, functions and entities in which the US bank operates.
Technology Resilience is the risk of unmanaged disruption to any IT system within HSBC, as a result of malicious acts (i.e. cyber-attacks), accidental actions or poor IT practise (i.e. change control) or IT system failure (i.e. a core network switch failing).
The Technology Risk and IT Change Manager will serve as a specialist as part of HSBC's second line of defence Operational and Resilience Risk team. The role holder will serve as primary point-of-contact from US Operational and Resilience Risk to HSBC's US IT risk and change management operations, providing engagement and credible challenge of technology risk governance and change controls for Information Technology and Cybersecurity Risk.
The key accountabilities of the US ORR Technology Risk and IT Change Manager role include:
· Risk Management Expert: Specialist in information technology risk, including cybersecurity principles, cloud strategies and IT operational processes, with focus on change control and risk management through IT governance.
· Risk Management Oversight : Ensure robust oversight and credible challenge with clear expectations set with IT and Cyber Security Control Owners. Works closely with the first line of defense (including USA CIO, CISO, CCO and their respective teams) to agree required outcomes and remediation priorities.
· IT Change Oversight : Support the guidance, oversight and challenge on key Information Technology and Cybersecurity Risk issues arising from IT change management. Monitor and challenge the effective of ongoing change management control monitoring plans (i.e. oversight of test plans, sample checks).
· Risk Appetite : Monitor US Resilience Risk Appetite and oversee first line of defense reporting to governance committees. Work with US ORR Business and Functions teams to ensure US businesses understand the impact of any Resilience Risk appetite breaches that require changes to controls, resources and business operations.
· Risk Policy: Provide subject matter expertise and credible challenge on US Resilience Risk policy dispensations and risk acceptances.
· Risk Position and Challenge P apers : Help prepare evidence-based papers pertaining to Information Technology and Cybersecurity Risk positions to US boards, Risk Management Meeting (RMMs), Control Environment Management Meeting (CEMMs), and related forums.
· Regulatory Awareness: Apply guidance on HSBC's adherence to Information Technology and Cybersecurity Risk-related legislation and regulations from government organisations, regulators, and industry organizations.
Impact on the Business
· Provide credible challenge across all information, technology, and cybersecurity risks within USA both enabling business growth while maintaining related risks within appetite
· Responsible for the review of controls relating to information, technology, and cybersecurity risks
· Review of internal and external events for their focus area, to disseminate the insight and learnings applicable to key Products and Services across the business
· Oversee their focus area of 1LOD IT adoption of Standards, Processes and Procedures required to implement the Policy objectives
· Maintaining on-going visibility of their focus areas' key initiatives and helping to prioritize RR oversight according to IT risk
· Provide risk opinion, guidance and credible challenge to their focus area on dispensation requests
· Provide credible challenge of scenario analysis activities for both capital adequacy and IT risk management purposes
· Provide credible challenge of their focus area in the RCA process and the use of the RR Risk and Control Library to ensure relevant information, technology, and cybersecurity risks and controls are included in the RCA
· Manage and maintain close oversight on all RR related incidents with a view to provide credible challenge that risk and impacts have been handled effectively
Customers / Stakeholders
· Influence and provide direction to the 1LOD and ORR Business & Functions team to ensure they fulfil own roles and responsibilities and manage information, technology, and cybersecurity risk according to the Group's frameworks and within stated appetite
· Build and maintain relationships with external partners, regulators, industry bodies and others to keep up to date with developments
· Manage relationships with wider ORR team
Leadership & Teamwork
· Challenge and influence to ensure specialist advice and guidance is understood and followed
· Work in conjunction with ORR Business & Functions team and the wider RR Specialist team
· Support diversity and reflect the HSBC brand and organisational values.
Operational Effectiveness & Control
· Partner with ORR Business & Functions team and 1LOD to identify, measure, mitigate, monitor and report information, technology, and cybersecurity risks
· Partner with ORR Business & Functions team regarding Implementation of country Internal Audit and ORR recommendations and directions for the improved use of the Risk Framework related to the specialist area.
Desired profile
Qualifications :
Knowledge & Experience / Qualifications ( For the role – not the role holder. Minimum requirements of the role.)
· Subject matter expertise in one or more resilience technology risk categories (i.e. IT risk management), including understanding of industry best practices, frameworks, and regulatory guidelines
· Understanding of risk management principles
· Ability to engage with first line of defense stakeholders
· Strong written communicator with demonstrated analytic skills
· 3-5 years experience in related risk management and/or technology role(s)
· Bachelor's degree and/or professional certificate in related discipline
Key Capabilities
· Providing Expert Advice and Robust Challenge
· Delivering Risk Steward Policies
· Oversee, Review, and Challenge Risks and Controls
· Understanding and Applying Risk Management in Context
EEO/AA/Minorities/Women/Disability/Veterans