
Security Architect/Commercial Banking IT

  • Pune (Pune)
  • IT development

Job description



Role Purpose (overall high level summary of the role)

In today's digital world, HSBC Commercial Banking (CMB) needs to develop secure solutions for our customers and have appropriate defences to address evolving security threats. Security Architecture defines the security capabilities and functions (services, building blocks, and roadmap) that support the strategic business objectives. CMB Security Architecture will enable the HSBC CMB business to make good strategic and operational decisions in relation to information security.

CMB Security Architecture is a global function responsible for the definition of the future state security, the creation/use of security patterns and assuring that appropriate security is designed into CMB services and projects.

CMB Security Architecture will provide security architecture guidance and assurance to CMB IT and business teams. It will work with CMB Architecture, Enterprise Security Architecture and other key CMB and Enterprise groups.

The overall services that the team will provide are as follows:

· Define, design, evaluate and maintain the CMB Business Cybersecurity architecture
· Drive the implementation of secure design through guidance and assurance.
· Measure adherence to the security architecture within CMB to drive progress.
· Security product/service selection & implementation with associated processes and controls
· Delivery of solutions architecture consulting.

The role will be hands-on and cuts across all the CMB IT teams and Architecture disciplines: Application, Solution, Technical, Information and Enterprise.

Principal Accountabilities: Key activities and decision making areas

Typical Targets and Measures

Impact on the Business

· Champion the development and implementation of CMB's target state Security Architecture.
· Govern the introduction of new security techniques, products, services, technologies and standards where needed against identified use cases and taking into account commercial.
· Have a holistic knowledge of CMB's most critical business systems
· Stay abreast of technology trends and advise IT and the business about potential benefits/impacts.
· Propose innovative architectural solutions to address security capability and control gaps
· Plan strategic roadmaps and position the Business to provide new customer services secured by the latest security capabilities
· Own CMB related security patterns for all layers of the stack (from network fabric, to hardware and OS) as well as service models (IaaS, PaaS, SaaS), and ensure alignment with security policies and standards

· Published CMB security strategy and roadmap

· Published and communicated security architectural patterns

· Adoption of new security controls to improve the security of HSBC and of our customers

Customers / Stakeholders / 3rd Parties

· Work closely with CMB Architects, Solution Designers, Enterprise Security Architecture and Cybersecurity Assessment (CSAT).
· Work with stakeholders to communicate, educate and influence key security controls and strategic direction
· Participate in continual improvement of Cybersecurity by investigating new security processes, technologies, and tools, and regular communication of related information.

· Attend management & governance meetings with stakeholders

· Regular feedback from stakeholders

Leadership & Teamwork

· Evangelize the benefits of security architecture, accepted best practice techniques, standards and tools to CMB

· Develop and evolve security best practice within CMB

· Drive target state security architecture execution in collaboration with stakeholders

· Lead security information sharing across CMB

· Target State Architecture capabilities delivered

· Ensure consistency of process, contribute collaboratively to team goals & initiatives

Operational Effectiveness & Control

· Manage security architecture reviews through Technical Design Authority (TDA) and Solutions Architecture Board (SAB) ensuring peer review of all projects

· Ensure that any new services/projects are taken through the Technology Design Authority (TDA)

· Drive usage and creation of security patterns/ services

· Ensure compliance with all relevant internal instructions (FIMs, GSMs, circulars) and external regulatory requirements, including the management of operational risk and adherence to the Group's standards of ethical behaviour

· Participates in the Technology Design Authority (TDA) and ensures appropriate use cases for new products/services introduced

· Ensure all technology used is Technical Reference Model (TRM) compliant, or has an approved exception

Major Challenges (The challenges inherent in the role that require a continual test of the role holder's abilities)

· Understand Commercial Banking strategy and drive the IT Security target state architecture to ensure IT's current and future capabilities satisfy these business needs. Influences IT stakeholders to ensure that the necessary investments are made to deliver required security services/capabilities. Initiates improvement in services, products and systems.

· Leads development and communication of Commercial Banking's Cybersecurity Assurance. Ensure CMB's governance framework provides clear decision-making on security. Promotes security policies, practices and decisions that recognise the current and evolving needs of all the stakeholders.

· Provision of security consultancy services. Takes full responsibility for the balance between non-functional, service quality and systems management requirements.

· Drives security design activities, promoting the discipline to ensure consistency. Ensure appropriate adherence to HSBC standards.

· Coordinates the identification and assessment of the security impact of emerging technologies & innovation.

Ensures projects/ systems are reviewed for compliance with HSBC's security standards, policies and target state architecture strategy. Ensures that any identified security risks are highlighted appropriately.

Role Context (The environment and operating conditions of the role including the extent of guidance and authority)

· A track record of providing security architectural guidance/assessment and input to complex programmes and projects

· Lead through influence: demonstrated ability to rapidly build relationships with key stakeholders and effectively manage the concerns of all senior stakeholders by concentrating on the critical details and interfaces that fulfill these concerns

· Understand and interpret complex business and security requirements

· Prioritize work to successfully deliver service to agreed levels in a diverse and constantly changing technical and business environment, effectively coordinating delivery involving elements delivered by other teams

· Natural collaborator: excellent communication and interpersonal skills, including the capacity to articulate the case for Security priority and investments

· Strong technologist with pragmatic view: Have the ability to compare and contrast different technologies to meet business security requirements. Have in-depth conceptual functional and non-functional knowledge of technologies including Networking, Server OS internals, benchmarking/HW (x86/Mainframe) & Server Virtualization, Storage, DBs, Cloud, Big Data, Mobile & Tablets.

Management of Risk (Operational Risk / FIM requirements)

Demonstrate leadership on security & risk matters. Maintain awareness of security architecture risks, operational risks and minimize the likelihood of them occurring through identification, assessment, mitigation and controls.

Observation of Internal Controls (Compliance Policy / FIM requirements)

· Maintain and observe HSBC internal control standards, including the timely implementation of recommendations made by internal/external auditors and external regulators

· Foster a compliance culture and implement Information Technology Policy by managing security architecture risks

Role Dimensions (e.g. balance sheet size, lending/expenditure limits, size/volume of transactions, budget. in USD'000)

· Relationships: CMB IT leads (Service Lines and Region/Country), CMB Architecture, Cybersecurity Architecture and Controls

· Strategic Importance - High: Champion the development, assessment and implementation of CMB's target state security architecture.

· Regulatory & Risk – Sustains a risk aware culture across CMB through stakeholder management and governance structures such as Technical Design Authority (TDA). Communicates changes in security architecture policy & governance effectively

Headcount reporting to this role

Direct: 0

Indirect: 0-10

Total: 0-10

Knowledge & Experience / Qualifications (For the role – not the role holder. Minimum requirements of the role.)

· Bachelor's degree in Computer Science, Cyber Security or a related field

· At least 7+ years of relevant IT experience, including exposure to design, engineering, implementation and operations (3-5 of those years to be devoted specifically to security)

· Experience of performing security design reviews, ideally including threat assessment / threat modelling

· Ability to provide direction and guidance on security architectural use cases and requirements.

· Familiarity with Industry Standard Security Frameworks such as NIST Cybersecurity Framework, ISO 27001/27002, ITIL, COBIT. IT or cloud related security qualifications desirable.

· Experience in defining future architectural strategy and roadmaps

· Experience with role-based authorization methodologies, authentication technologies and security attack pathologies

· In-depth knowledge of key IT domains particularly computing platforms (Windows, UNIX and Linux) and networking technologies

· Knowledge and experience with perimeter security controls such as firewall, IDS/IPS, network access control, and network segmentation

· Proficient in security concepts related to DNS, routing, authentication, VPN, proxy services and DDoS mitigation technologies

· Security Architectural experience working in complex organizations.

· Comfortable working with ambiguity and conducting research as well as managing third party vendor(s).

· Ability to write position papers on highly complex topics for a business audience to assist in decision making

· Experience building reference security architectures and adapting them for business use cases.

· Understanding of Cloud service models (IaaS, PaaS, SaaS), and supporting technologies.

· Experience with any of the industry Cloud technologies such as Amazon Web Services, Azure, Google Cloud, etc., as well as virtualization technologies (VMware, MVS, Xen, VirtualBox, etc.)

· Familiarity with deploying and securing container technology, VMware ESXi, and OpenStack is desirable

· Understanding of network technologies including SDN, routing (including VRFs), and enterprise network designs.

· Knowledge of third party auditing and cloud risk assessment methodologies

Desired profile



Qualifications: NA
