Head of Tech Risk and Governance

Job description

Some careers have more impact than others.

If you're looking for a career where you can make a real impression, join HSBC and discover how valued you'll be. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Our GCIO organisation plays a critical role for the bank. This team partners with the businesses to build the platforms, systems, and products that our customers use every day. We keep people's money and data safe, and are at the forefront of driving innovation for our businesses, customers, and colleagues.

We are currently seeking a high calibre professional to join our team as a Head of Tech Risk and Governance.

Principal Responsibilities

In this role you will

• Conduct technology risk assessments (e.g., application, infrastructure, third-party, cloud) to identify potential vulnerabilities, threats, and control gaps and evaluate the effectiveness of technology controls and recommend enhancements to mitigate identified risks
• Maintain and update the bank's technology risk register, tracking key risks, control effectiveness, and mitigation actions and monitor technology risk metrics and Key Risk Indicators (KRIs) to provide early warnings of potential issues and participate in technology project lifecycle reviews (SDLC) to ensure security and risk-by-design principles are incorporated from inception
• Collaborate with internal Technology and business units to develop and implement risk treatment plans and represent the bank in external bodies on discussion relating to technology risks and resilience challenges
• Interpret, implement, and monitor compliance with various Singapore regulations and industry standards, including but not limited to requirements for cybersecurity, data governance, business continuity, outsourcing and incident management and participate in regulatory inspections and audits, providing necessary documentation and explanations
• Assist in the development, review, and update of technology risk management policies, standards, guidelines, and procedures and ensure policies are aligned with regulatory requirements, industry best practices, and the bank's risk appetite
• Conduct technology risk assessments for third-party vendors and service providers, especially those handling sensitive data or critical services and ensure third-party contracts include appropriate security and compliance clauses
• Provide expert advice and guidance to technology and business teams on technology risk, control, and compliance matters and develop and deliver training and awareness programs on technology risk and security best practices to employees and customers
• Prepare regular risk reports, dashboards, and presentations for management, risk committees, and the Board (as required) and communicate technology risk posture, compliance status, and emerging threats effectively

Requirements

To be successful you will need

• Extensive years of progressive experience in Technology Risk Management, IT Audit, Information Security, or IT Compliance within the financial services industry
• Demonstrated understanding of banking operations and technology infrastructure and strong understanding of IT general controls (ITGC), application controls, and infrastructure security
• Proficiency in risk assessment methodologies and tools
• Mandatory knowledge practical experience with MAS Technology Risk Management (TRM) Guidelines is essential. Familiarity with other relevant regulatory frameworks (e.g., PDPA,AML/CFT) and industry standards (e.g., ISO 27001, NIST Cybersecurity Framework, COBIT, ITIL)
• Advantageous certifications including CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor) and CISSP (Certified Information Systems Security Professional) with excellent analytical and problem-solving skills, with the ability to identify, assess, and articulate complex technology risks
• Exceptional written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders and strong interpersonal skills and ability to build relationships with various stakeholders across different departments

Opening up a world of opportunity

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Issued by The Hongkong and Shanghai Banking Corporation Limited.