HSBC - Assistant Vice President - IT Audit

Some careers shine brighter than others.

- If youre looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

- HSBC is one of the largest banking and financial services organisations in the world, with operations in 62 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

- We are currently seeking an experienced professional to join our team in the role of Assistant Vice President (AVP)- Tech, Cybersecurity, Data (TCSD) Risk, Controls Assurance.

Role purpose :

- The Groups Risk Management Framework (RMF) requires independent Second Line Assurance of the management of material risks and controls across HSBCs non-financial and financial risk taxonomies. The RCAS function provides a significant proportion of this assurance.

- Via its industry-leading centres of excellence, RCAS delivers innovative assurance solutions for and on behalf of HSBCs Risk Stewards and peer assurance teams.

- Controls Assurance (CA) reports into RCAS and is responsible for assuring the risk management of critical business processes and specified non-financial and financial risks across the Group, principally by testing mitigating controls. This is achieved by building out a centralised offshore capability that will deliver agile, insightful, and cost-efficient assurance. CA also provides a resource augmentation service to other assurance teams within the Bank, becoming a vehicle to effectively manage assurance costs and resources. Also, CA works together with the RCAS Automation and Analytics team to develop, test and deploy their Continuous Assurance objectives.

Roles and Responsibilities :

The role holder will be required to support the VP, TCSD and Head of CA (GSC Country Location Name) in leading or working with a team to assess the effectiveness of controls relating to the TCSD risks and identifying and raising issues where control gaps lead to material unaddressed risks.

At a high level, the role holder will be responsible for the following:

1. Evaluate a portfolio of controls for design effectiveness, operating effectiveness and/or risk management outcomes, raising issues as appropriate. Customise and localise standard test scripts and then evaluate assigned controls for design and operating effectiveness, raise issues as appropriate.

2. Ensure that assigned control assessments are accurate, effective, abide by CA and RCAS methodology, procedures, and templates, and meet quality control requirements and are delivered on time, in accordance with the CA assessment plan.

3. Supervise the delivery of assigned control assessments not limited to System Architecture, Operating Systems, Databases, Networks, Security Systems, Cloud Services, Asset Inventories, Change Management, Incident Management, Recovery Management, Software Development Lifecycle (SDLC), and other general controls; using experience and knowledge to intervene and redirect testing as required, resolving, or redirecting escalations as required.

4. Manage control owners and other stakeholders, ensuring the success of each assigned reviews, minimizing contention where possible and requesting support, where deemed necessary.

5. Manage the documentation of distinct control types, covering key aspects, such as remit, main processes, and handovers to other teams.

6. Apply judgement and risk management concepts to identify, formulate findings and provide valuable insights to the TCSD control owners to improve processes and manage risks to achieving operational and strategic goals

7. Ensure that issue owners complete sufficient root cause analysis for all material issues and have appropriate remediation plans in place

8. Support the Head of Control Assurance (GSC Country Location Name) in fulfilling CA responsibilities as required, including budget management, resourcing, and feeding into the development of procedures and templates.

Qualifications:

1. Graduate / Post graduate with relevant 4+ years proven experience in Assurance, Testing, Audit, or consulting roles for IT / Cyber / Data either in second or third line of defence capacity.

2. Experience in auditing / testing operating systems, databases, networks, security systems, cloud services and other general controls; Change Management, Incident Management, Recovery Management and SDLC

3. Experience in IT control frameworks (COBIT, NIST CSF, ISO 27001, ITIL).

4. Ability to lead and individually contribute to assurance reviews to measure the banks technology and cybersecurity controls against these framework requirements as applicable

5. Experience working with local and regional stakeholders and an understanding of global standards of quality and the ability to work with different cultural groups and build consensus and rapport.

6. Experience utilising data analytics tools and techniques (desirable)

7. Requires understanding of the changing regulatory landscape regarding TCSD functions within the banking industry.

Youll achieve more at HSBC :

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment.

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment.

We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.