Cyber Information, Technology and Third Party Risk Officer

Overview

Cyber Information, Technology and Third Party Risk Officer - Group Chief Operating Officer at HSBC. The GCIO organisation partners with the businesses to build the platforms, systems, and products that our customers use every day. We keep people’s money and data safe, and are at the forefront of driving innovation for our businesses, customers, and colleagues.

We are currently seeking a high calibre professional to join our team as a Cyber Information, Technology and Third Party Risk Officer (CITTPRO).

• Work with International Wealth and Premier Banking (IWPB) as a Cyber Information, Technology and Third Party Risk Officer (CITTPRO). Support IWPB’s Cyber Information and Technology Risk Officer (CITRO) / Business Information Risk Officer (BIRO) to perform Control Monitoring of IT and Data Security controls and IWPB’s Third Party Risk Officer (TPRO). Act as the primary point of contact for the IWPB Third Party Engagement Managers (TPEMs) on Third Party Management (TPM) issues.
• Be responsible for ensuring risk assessments accurately reflect the risks faced by the businesses and are appropriately monitored and reported in relevant governance forums. Carry out thematic control checking, control monitoring or testing relating to Information and Cyber Security Risks (ISR) and other 1LOD risk and control responsibilities or ad-hoc tasks assigned by IWPB’s CITRO/BIRO. Liaise with stakeholders including Third Party Engagement Risk Owners, Third Party Case Manager in Control Owners, Business Service Owners, and Risk Stewards to implement Third Party risk and control related enhancements/activities.
• Support IWPB TPEMs to ensure appropriate approvals are obtained during various steps of the Third-Party Onboarding process and risk Assessments, Materiality Assessments and Control Tasks are completed accurately. Ensure third party due diligence tasks are completed timely, records are accurate and up to date, breaches or issues are escalated, and remediation plans are tracked.
• Maintain oversight indicators reflecting the effectiveness of Third Party Risk controls and facilitate senior management decision making using analytical and problem-solving skills to make risk and control recommendations.

• Actively challenge poor or excessive controls, identify and drive thematic control reviews across businesses/functions, and support relevant business/functions with Information Security and Third-Party Risks management. Provide regular reporting to the business/function and/or the Non-Financial Risk team on risk management and project progress.
• Engage business/function management to ensure ownership and remediation of control issues raised from internal/external audits, controls assurance and regulatory changes. Share best practices within area/region/global as applicable.

• Prior experience in a Risk Management or Controls role (in either first, second or third line of defence) within a global organization, working across cultures
• Experience in managing Third Party risks, with good understanding of MAS and ABS outsourcing guidelines/requirements
• Proactive and delivery focused to ensure tasks are completed on time and to the required quality
• Strong business and commercial knowledge (in particular IWPB); familiarity with Cyber and Information Security Risks, preferably with relevant professional qualifications
• For internal candidates, in-depth understanding of applicable sections of the Global Risk FIM, Security Risk and Third-Party Risks (TPR) and controls under the Non-Financial Risk Framework

Opening up a world of opportunity

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the