HonorHer Jobs


Job Information

TEKsystems Head Of Cybersecurity Risk And Controls Strategy (CRCS) in Arlington Heights, Illinois

Description:

Brief overview of the business areas

The Cybersecurity function is responsible for enabling businesses and functions to manage their Information and Cybersecurity risks as well as ensuring risks and controls are assessed and implemented appropriately, objectively and independently through professional and specialized subject matter experts.

What you will be doing:

The Head of CRCS Business Engagement for the Americas will play a key role in coordinating activities required to implement the Cybersecurity Risk and Controls Strategy across the Region. This role will report into the Global Head of CRCS Business Engagement and the Chief Information Security Officer for the Americas, and closely collaborate with the CRCS Business Engagement Leads supporting other regions and businesses HSBC operates in, as well as with the rest of core CRCS functions. The key part of the role will be establishing and executing processes across the Americas, to strengthen engagement for control design and monitoring; tailoring reports, metrics and management updates across all tiers of the organization.

The ideal candidate will possess strong leadership and communication skills, a wide knowledge across all cybersecurity domains and strong experience in managing international teams and stakeholders. The role holder will be required to manage engagement with stakeholders including the regional and business CIOs and COOs; Cybersecurity Leadership and staff; regional, in-country and global business teams; Chief Controls Office (CCO) Technology, 2LoD Resilience Risk and 3LoD Internal Audit teams.

The role holder will manage CRCS activities to support the Americas Region within the CRCS Business Engagement team, which is part of HSBC’s 1LoD Cybersecurity Risk and Controls Strategy (CRCS) function. As such, the role holder must possess significant controls management experience and strong stakeholder management skills and experience, in order to help deliver a unified approach to controls management across the Group.

The CRCS Business Engagement team is responsible for implementing each of the core areas of CRCS within business and geographies:

  1. Cybersecurity Risk Quantification (CRQ) – development, implementation and management of a mathematical model calculating the impact of improvements made to our control environment on risk exposure reduction. Providing an industry-leading opportunity to translate complex cybersecurity concepts into business-friendly information that supports informed decisions in line with our risk appetite.

  2. Cybersecurity Controls Design – designing Procedures, Operating Instructions and Control Instances, expanding on the newly implemented Risk Taxonomy and Control Library. Define and maintain a detailed Cybersecurity Controls Catalogue, continuously improving our controls design and implementation requirements.

  3. Metrics & Reporting – definition and management of Key Control Indicators and providing a ‘front-door’ service to Global Businesses, Functions and Regions for any queries related to KCIs and the output of the new Cybersecurity Metrics dashboard.

  4. Continuous Control Monitoring – developing the approach, implementing and maintaining a process for ongoing control monitoring. Designing an approach for automated evidence collation to facilitate reviews from Chief Controls Office, Resilience Risk and Audit.

  5. Risk & Controls Strategy – embedding CRQ into wider Operational Risk Management Framework and controls ecosystem. Tying together all other components of the function into a cohesive strategy to ensure robust end to end control management and risk quantification.

Skills:

cyber security, security controls, IT Audit, CISM, CISSP, information security, risk assessment, security architecture

Top Skills Details:

cyber security, security controls, IT Audit, CISM, CISSP, information security, risk assessment

Additional Skills & Qualifications:

Strong Risk and Controls Background

• Significant, subject matter expertise in Control Management. This includes but is not limited to controls design and implementation and control assessment, as well as MI and executive reporting

• Ability to translate difficult IT concepts into business-friendly language;

• Experience with Technology risks and controls. Advanced knowledge of Cybersecurity is a must.

Technical background

• Wide general cybersecurity knowledge; understanding of cybersecurity concepts such as threats, vulnerabilities, attack vectors;

• Understanding metrics and measures in managing risks and controls (KPIs, KCIs, KRIs) is a must;

• Familiarity with the NIST Cyber Security Framework (CSF) would be beneficial;

• Knowledge of Center for Internet Security (CIS) Measures and Metrics is a plus;

• Experience with GRC Tools (such as HELIOS, ServiceNow, Archer) is a plus;

• Understanding of regulatory landscape

• Expert understanding of inherent/residual risk principles as well as effective/sustainable control design

Strong stakeholder management and communications skills

• Experience of working at an operational level in international environments which drive a true international perspective;

• Experience in managing/engaging with individuals in different geographies and cultures

• Experience in creating and reviewing executive reports (up to board level)

• Experience in dealing with Senior/Executive Management, internal and external audit

• Experience in dealing with senior management, business and wide array of global stakeholders

• Experience in dealing with regulators within jurisdictions across the Americas region

Team-oriented mentality combined with ability to complete tasks independently to a high quality standard

• Experience within fast-moving, complex and demanding corporate environments where Cybersecurity controls issues have to be handled on a large scale and with a need to multi-task whilst dealing with ambiguity and change.

Experience Level:

Expert Level

About TEKsystems:

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
