Big Bank Funding. FinTech Thinking.

Our Technology teams work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world; to bank quickly, simply and securely. We also run and manage our IT infrastructure, data-centres and core banking systems that power the world’s leading international bank.

Our multi-disciplined Technology teams include amongst others: DevSecOps engineers, IT architects, front and back-end developers, infrastructure specialists, cybersecurity experts, and delivery, project and programme managers. 

Following extensive investment across our Technology and Digital domains and with plans for continued expansion throughout 2022 and beyond, we are currently seeking a Head of Vulnerability Reporting, to join the HSBC Cybersecurity team within Technology.

Brief overview of the business areas 

Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well-understood, and that controls used the manage such events are defined, assessed and implemented appropriately. Cybersecurity predominantly deliver this via objective, independent, professional and specialized subject matter experts. The role forms part of the 1LoD in relation to the risk management framework.

The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development (inc. DevSecOps), Threat and Controls Assessment (inc. threat modelling) and Third Party Security Assessment. The function drives the identification, capture, assessment, testing/ verification and ultimately the remediation of security defects, gaps and vulnerabilities across HSBC’s estate in concert with business and technology teams – on-premise, within the Cloud and for those resulting from 3rd party engagements.

What you will be doing

The Head of Vulnerability Reporting is a key role within the Vulnerability Management team and the wider Cyber Security Assessment and Reporting function. The role will report in to the Head of Cyber Security Digital Footprint.

The prime deliverable will be to ensure the delivery of automated Operational and Business related reporting. They will be responsible for supporting the delivery of Control Owner activities and Governance. 

Additionally, they will need to closely collaborate with the Head of Vulnerability Management, Federated Control Owners, key stakeholders in the CCO Technology, 2 and 3LOD. 

Key Responsibilities

• • Delivering detailed and accurate reporting of Vulnerability data to help drive and prioritise risk based remediation across the bank.
  • Continual improvement in the depth and breadth of reporting capabilities against the Vulnerability Management control to support improvements in the banks security posture.
  • Thematic analysis of trending and identifying opportunities for control improvements through changes to or additional key control or risk indicator metrics.
  • Clear accountability and ownership of the Vulnerability reporting and remediation key control indicators and key risk indicators.
  • Identify, plan and deliver automation to improve efficiency and value in the reporting produced.
  • Triage and assessment of all new Vulnerability reporting requirements, ensuring requirements are clearly understood, link back to strategic deliverables and are planned appropriately.
  • Maintain and monitor all feeds in to the Vulnerability reporting platform, reporting on impacts to vulnerability reporting and ensuring that relevant remediation activities to resolve feed issues are tracked and impacts reported to those utilising reports in a timely manner.
  • Maintain operational documentation on what reports are available and how to access and utilise existing filters.
  • Capture and maintain key reports that need to be extracted by the team and their associated distribution lists
  • Attend key management meetings to talk through the reports and underlying data
  • Support in preparation of required governance and control meeting submissions for Vulnerability Management reporting.
  • Contribute to responses to information requests from Regulators, Internal/ External Audit etc;
  • and responses to 2LOD challenges/ Papers.
  • Providing commentary to routine governance submissions e.g. Cybersecurity Executive Committee Monthly Update, Risk Map, KCIs, KRIs.
  • Engaging with the Head of Vulnerability Management, and relevant team members to review and gain approval for submissions and ensure information requests are aligned with the group risk appetite providing the expected responses.
  • Adhoc tasks as required; including support to CSAT operational activities. 

Requirements

What you will bring to the role

• Exceptional practical application and execution of: 
  • Defining and understand use of critical data elements for Vulnerability Management
  • Utilising big data systems interconnecting complex data sets to provide comprehensive data analysis and reporting solutions.
  • Using reporting platforms (e.g. PowerBI, Excel) to an advanced level being able to perform complex data interrogation.
  • Vulnerability management lifecycle.
  • Scanning technologies (e.g. Nessus, SAST, MAST and DAST scanning).
  • Scripting or programming languages (e.g Python, C+, or PowerShell, VBA scripting).

• High level of integrity and strong ethical values.
• Excellent organisational, administrative, analytical, problem solving and data management skills with the ability to work accurately and methodically whilst under pressure to meet deadlines.
• Strong interpersonal skills with the ability to build effective working relationships with colleagues and work well as part of a team. 
• Strong team player and collaborative worker.
• Ability to work remotely. 
• Ability to manage a team
• Minimum 3 years’ experience in working as a threat & vulnerability management expert and developing programs.
• Minimum of 3-5 years’ experience in working in IT Security or similar role
• Pro-active, independent, collaborative team player with a positive attitude.
• Flexible approach to shifting or competing priorities.
• Process orientated, outstanding organizational skills.
• Proven track record on delivering activities on time to a high standard. 
• Ability to work remotely. 
• Excellent understanding of Sharepoint, Microsoft Teams and Confluence. 
• Experience of working in roles within Risk Management and Governance.

This is a London based role.

Come Power a Business that Defines How to Power the World

As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC UK is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation. 

We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies.

As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Recruitment Helpdesk: 

Email: hsbc.recruitment@hsbc.com  

Tel: +44 (0) 207 832 8500