Job Description

The health and safety of our employees and candidates is very important to us. Due to the current situation related to the Novel Coronavirus (2019-nCoV), we’re leveraging our digital capabilities to ensure we can continue to recruit top talent at the HSBC Group. As your application progresses, you may be asked to use one of our digital tools to help you through your recruitment journey. If so, one of our Resourcing colleagues will explain how our video-interviewing technology will be used throughout the recruitment process and will be on hand to answer any questions you might have. Some careers shine brighter than others. If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. We are currently seeking an experienced professional to join our team in the role of a Delivery Head. HSS DBS require a Senior Risk and Control Officer to join the expanding RCO Team. As HSS is an external facing business, the RCO team is a critical function in ensuring risk is managed and tracked effectively, audits (internal and external) are professionally managed and successful, the HSS DBS teams demonstrate risk awareness. Additionally the HSS RCO team support the HSS business for client due diligences, RFPs and sales pitches. The key requirements of the Senior Risk and Control Officer is to:-

• Cyber Security. To ensure HSS teams develop systems that are secure in design, through training and monitoring adherence through tools such as code scanning. To review and challenge Cyber controls for HSBC Group that require strengthening for HSS needs. To provide external Clients with assurance to the effectiveness Cyber Security control environment.
• ISAE 3402. A critical delivery for HSS, external clients (and their auditors), and regulators. Manage the HSS Technology report spanning approximately 50 systems, 30 controls and 1000 pieces of evidence. Each system will involve interaction and evidence submission from multiple teams (development, user access management, backup & recovery, etc). The audit occurs twice a year and last approximately 5 months. Without a clean ISAE 3402, Client auditors are unable to approve end of year financial accounts.
• ITAC (IT Automated Control Testing). These form part of the critical Business ISAE 3402 audits. Business control owners are unable to provide the evidence to prove effectiveness of a control reliant on an IT automated function (such as a report, a system feed, the results from “pressing a button”). Manage the ITAC testing for the HSS Business Report twice a year, covering approximately 40 each cycle.
• ISAE 3402 Remediation. Ensure Group teams are briefed on any findings and exceptions. Ensure remediation programmes are run and, where required, FIM controls are revised and updated by the control owner.
• Client Engagement. As an external business, a critical function is to meet clients and their auditors (written, audio, VC, face to face in HSBC offices including datacentres and Client offices). This will include (but not limited to) Client RFPs, Due Diligences, Sales pitchers (new clients or increased product offering to existing clients), Client Assurance, Audit walkthrough, Cyber Security control environment overviews. Engagement will range from once a week to daily with different clients.
• Risk & Control. Tasks will include CEMM coordination, incident management, thematic reviews, risk firedrills, project managing remediation programs of work, departmental training, etc as assigned

In this role, you will:

• Drive culture change around Risk & Control within region
• Consult on projects, providing subject matter expertise during audits
• Share best practise with the GBM Risk and Control Organisation
• Provide training sessions for key staff to uplift risk awareness
• Provide guidance and help to delivery teams in regards to security solutions to enable faster delivery of Systems
• Collaborating with project teams working closely in a DevOps and agile development processes
• Partner with the GBM business areas and Risk Functions to promote and provide guidance to relevant policies, standards and governance within GBM
• Provide regional stakeholder updates with respect to Control uplift programs
• Support engagement with internal / external / client audit and Regulatory Exams, including oversight of field work, collation of artefacts and partnership with CCO to remediate issues
• Attend relevant regional governance forums and where applicable provide appropriate MI
• Communicate residual risk through reporting, business governance processes and forums
• Own the risk & control agenda for region
• Lead the delivery of risk & control projects and programmes for the region
• Assist service/project owners in responding appropriately and effectively to firm-wide risk, cyber and corporate control initiatives
• Partner with service owners and Asset Class RCOs to identify and assess controls, determine mitigating actions and remediation activities, and understand the overall risk profile

Requirements
To be successful in this role, you should meet the following requirements:

• Understand the global strategies of the Group and collaborates with the business at a global level to accomplish these strategies
• Demonstrated business knowledge
• Experience in an Investment banking / IT environment
• Experience of a control (Risk management) environment, including reviewing adherence to/enforcing/promoting policies and standards
• Excellent communication skills able to articulate at a senior management level, to peers at Group level and to external organisations (Clients, Auditors, Regulators)
• Proven ability to prioritise competing demands
• Demonstrated ability to assess Risk trends
• Demonstrated ability to rapidly build relationships with key stakeholders

Additional Skills

• Risks & issues management – including escalation
• Analytical and problem solving skills
• Attention to detail
• Project planning & management
• Self-starter (ability to work alone and as part of team)
• Stakeholder management

You’ll achieve more when you join HSBC. www.hsbc.com/careers HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website. Issued by – HSBC Software Development India