Vulnerability Control and Governance Senior Manager

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Your career opportunity

Brief overview of the business areas

Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology, and cybersecurity risks by ensuring these are well-understood, and that controls used the manage such events are defined, assessed, and implemented appropriately. Cybersecurity predominantly delivers this via objective, independent, professional, and specialized subject matter experts. The role forms part of the 1LoD in relation to the risk management framework.

The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development (inc. DevSecOps), Threat and Controls Assessment (inc. threat modelling) and Third-Party Security Assessment. The function drives the identification, capture, assessment, testing/ verification and ultimately the remediation of security defects, gaps, and vulnerabilities across HSBC’s estate in concert with business and technology teams - on-premises, within the Cloud and for those resulting from 3rd party engagements.

What you will be doing

The VULN Control and Governance Senior Manager will be a key part of the Vulnerability Management team, reporting to the Global Head of Vulnerability Management. They will be responsible for supporting the delivery of Control Owner activities and Governance.

Additionally, they will need to closely collaborate with CSAT Head of Governance, and key stakeholders in the CCO Technology, CRCS, CBE, 2 and 3LOD.

What you’ll do

• Support the delivery of Vulnerability Management Control Owner activities, providing robust internal challenge, and ensuring deliverables are accessible, accurate and completed in line with stakeholder expectations.
• Lead Risk and Control Issue remediation activities including use of Helios and utilise risk and control environment knowledge to; provide insights/ identify trends; lead continuous improvement initiatives; promote decision-making based on data and commercial analysis.
• Represent the Vulnerability Management Control Owners in meetings and responding to questions on the controls.
• Drive routine metric submissions e.g., KCIs, KRI, ensuring high quality, accurate commentary, and timely submission. Supporting evolution of Vulnerability Management metrics, including KCIs and Group Risk Appetite Statement (GRAS). Ensuring activities in CTB/ RTB have considered control impacts.
• Keep abreast of various activities across the pillars of Vulnerability Management to ascertain potential upstream or downstream impacts to ensure all key stakeholders are involved as appropriate as well as partner with key stakeholders including Enterprise Risk Management (ERM), CCO Technology, Cybersecurity Risk & Control Strategy (CRCS) and Cybersecurity Business Engagement (CBE).
• Prepare/ coordinate; Vulnerability Management meeting papers/ material for senior management meetings (e.g., TGWG, DBS RCMM, Technology RCMM, Cybersecurity RCMM, Cloud RCMM); and responses to information requests from Regulators, Internal/ External Audit etc.
• Engage with the Global Head of Vulnerability Management, and relevant team members to review and gain approval for submissions and ensure information requests/ engagement meetings are supported by the correct SMEs.
• Work with a variety of stakeholders across functions, levels, and geographies to ensure the content of reports and presentations are accurate and appropriate for the audience.
• Support the organisation/ delivery of routine management meetings (formal and informal), including the agenda, meeting materials, and tracking of Actions and Issues through to conclusion as well as support the Head of CSAT Governance with ensuring that; priority tasks and escalations are actioned; and key commitments are monitored/ delivered (formal actions (e.g. Helios).
• Drive the continuing development, implementation, and improvement of governance processes.

What you need to have to succeed in this role

• Excellent written and verbal communication skills, including the experience of preparing Board level reports and responding to regulatory requests.
• Proven ability to influence, challenge and manage senior stakeholders within 1, 2, 3LOD.
• Ability to work under pressure with high accuracy and focus.
• Curious and a creative problem solver, comfortable with a high level of ambiguity.
• Pro-active, independent, collaborative team player with a positive attitude.
• Process orientated, outstanding organizational skills.
• Excellent understanding of Excel, Sharepoint, Microsoft Teams and Confluence.
• Experience of working in roles within Risk Management, CCO and Governance.

What we offer

• Competitive salary
• Annual performance-based bonus
• Additional bonuses for recognition awards
• Multisport card
• Private medical care
• Life insurance
• One-time reimbursement of home office set-up (up to 800 PLN).
• Corporate parties & events
• CSR initiatives
• Nursery discounts
• Financial support with trainings and education
• Social fund
• Flexible working hours 
• Free parking

If your CV meets our criteria, you should expect the following steps in the recruitment process:

• Online behavioural test 
• Telephone screen 
• Interview with the hiring manager

We are looking to hire as soon as possible so don’t wait and apply now!

You'll achieve more when you join HSBC.