Continuous Improvement

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions.

We are currently seeking an experienced professional to join our team as Sr. Associate Director, Cybersecurity Specialist 

In this role, you will be leading a small team tasked with the identification and implementation of continuous improvement opportunities across our diverse, global cyber-security threat-prevention control stack

Reporting directly into the ‘Head of Sustainable Cybersecurity Operations, the Head of Cybersecurity Threat Prevention is responsible for leading a small team tasked with the identification and implementation of continuous improvement opportunities across our diverse, global cyber-security threat-prevention control stack, with the overall goal being to ensure maximum value, performance, effectiveness and integration is achieved and maintained.

The role holder will lead the team to achieve the desired outcomes via proactive and collaborative engagements with technology owners and the operational security teams, continuously reviewing security posture and cyber-threat landscape, and taking responsibility for identifying, developing and maintaining a cyber-threat intelligence led approach to the prioritization of engagements and focus areas.

The person handling the role accountable for:

·Identifying and actioning opportunities to ‘shift left’ with our current technical cybersecurity control stack through the implementation of improved policy configuration, tighter prevention rules or other configurations that tighten our preventative/protective posture against cyber-threat.For example, tuning EDR platform policies, enabling extra features or configuration options on security email gateways or leveraging new log data sources to feed into the SIEM to support new and interesting ways to support rapid and automatic cyber-threat detection and response processes.

·Engaging with the CITA and Threat Hunter team in order to develop, implement and maintain a cyber-threat intelligence led approach to the prioritisation of workload and to focus on areas that offer the most value in terms of risk reduction.

·Coordinating activities with the Global Heads of M&TD and IM&R to ensure strategic alignment and support of the functions and their underpinning Controls.

·Building relationships with the many technology and platform owners. Navigating and managing complex relationships whereby priorities are often divergent.

·Becoming an SME in many tools, technologies and platforms in order to be able to drive the necessary change quickly, effectively and safely.

·Ensuring the team are proactive, tenacious and self-driven. This is role where work needs to be ‘found’, it isn’t always clear or obvious as to what needs to be done where.

·Managing team performance, setting team goals and objectives.

·Embedding a culture of individual self-improvement, development and self-directed learning whereby staff are expected to maintain subject matter expertise within their area of focus and within the realm of cybersecurity more broadly.

·Developing and implement tracking and reporting metrics to support accurate measurements of the time and effort involved and expended during CTP work. These metrics should also cover KPIs linked to the service catalogue item ‘CTP’ and be a good barometer of service health CTP request backlog health, average time take to complete a CTP change, hours expended across different teams to complete a CTP task.

·Good understanding of HSBC cybersecurity principles, global financial services business models, regional compliance regulations and applicable laws.

·Good understanding and knowledge of common industry cybersecurity frameworks, standards and methodologies, including; OWASP, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards, and the MITRE ATT&CK Framework.

·Experience in a leadership position within a cyber-security operations team to include team and capability development, staff development, career management, and recruitment.

·Excellent knowledge and demonstrated experience of common cybersecurity technologies such as; IDS / IPS / HIPS, AV, EDR, Firewalls, Proxies etc.

·Excellent knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suits.

·Excellent knowledge of common enterprise technology infrastructure, platforms and tooling, including; Windows, Linux, infrastructure management and networking hardware.

·Good knowledge and technical experience of 3rd party cloud computing platforms such as AWS, Azure and Google their associated security tooling/platforms.

·Good knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation and remediation.

·Excellent knowledge and demonstrated experience of common log management suites, Security Information and Event Management (SIEM) tools such as Splunk Enterprise Security.Knowledge of cloud based “data lake” solutions used for the collection and real-time advanced analysis of security information.

·Ability to identify, develop and track key performance indicator (KPI) and key control indicator (KCI) metrics for accurate and contextual evaluation of operational effectiveness as well as providing recommendations for control improvement and mitigating control adjustments.

·Good knowledge of intelligence analysis principles either though formal education / training or equivalent professional experience.

·5+ years of experience in a cybersecurity related leadership position, preferably in the finance or similarly regulated sector.

·Industry recognised cybersecurity related certifications including; CEH, EnCE, SANS GSEC, GCIH, GCIA and/or CISSP

·Certified in the use and management of core security platforms such as SIEM, EDR, Firewalls, Proxies etc.

·Core technical platform / OS certifications Windows, Linux, MacOS.