• Ensure the bank’s policies and practices prioritise address business needs with a focus on sensitive data, customer privacy and trust.

• Work closely with product teams & developers to embed data protection considerations into customer-facing initiatives.

• Fully leverage automation and platform integration to deliver the best possible end user experience and frictionless data protection.

• Leads a customer-focused and collaborative culture by championing customer and stake-holder engagement throughout the team.

• Demonstrates an understanding of customer and stakeholder requirements by providing specialist input and knowledge and having a detailed understanding of the different short- and long-term shifts in business/function patterns of activity and demand.

• Understands and interprets developments and changes in future business requirement and ensures the appropriate reaction and response through discourse and the implementation of relevant, security focused, technical and procedural solutions.

• Respond promptly and effectively to data breaches or security incidents, minimizing impact on customers.

• Develop and implement a comprehensive strategy aligned with the bank's overall strategy and cybersecurity objectives.

• Provide visionary leadership to the team, fostering a culture of continuous improvement and innovation.

• Collaborate with senior leadership across the bank to ensure data protection initiatives support business goals, risk appetite and objectives.

• Manage the budget, ensuring efficient allocation of resources for optimum delivery.

• Supports the development of the team making sustainable decisions that protects and enhances HSBC’s values, reputation and stakeholder value.

• Actively encourages a learning culture, encouraging collaboration and cross-functional working to develop and nurture teams and identify talent.

• Governs risk responsibly. Promotes ethical management of risk across regions and business areas within their area of responsibility.

• Builds and sustains a risk aware culture. Shows integrity whilst promoting and managing relevant monitoring and reporting requirements within their area of responsibility.

• Embeds efficient risk and compliance processes and procedures into business as usual practices.

• Builds collaborative relationships, defines and articulates to stakeholders the targeted benefits for a change intervention.

• Demonstrates effective financial skills to develop a detailed business case, including investments, detailed benefits (financial, non-financial and strategic) and link to overall finances of the business.

• Identifies and highlights financial implications of risks/issues, involves stakeholders and supports management of budget variation as appropriate.

• To work on the following projects, CoT, Misdirected emails, insider Threat, external email backhaul via EOL, DLP

• A deep understanding of the fundamentals of how email systems work and the different layers of security involved, with an in depth knowledge of SMTP, including SMTP Auth.

• Knowledge of the HSBC (or other large Bank or Enterprise) mail environment / infrastructure / Architecture and Exchange Online would be preferable

• Understanding and able to Identify/recommend/implement capability, processes and procedures to avoid Malware, Phishing and Social Engineering attacks.

• Practical experience of the implementation of email systems but preferably Proofpoint solutions. This includes managing security policies, using the vendor tools for threat analysis, and potentially data loss prevention techniques.

• Comfortable to utilise and configure Vendor solutions (preferably Proofpoint) to enhance security. Skills

• A background in information systems, technology, architecture, design, and service delivery of defense-in-depth capabilities.

• Strong stakeholder management skills, with experience of understanding and meeting the needs of multiple stakeholders.

• An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.

• Extensive experience in data protection, cybersecurity,

• Proven track record of successfully developing, delivery and implementing large scale global data protection strategies & programmes.

• Customer centric consultancy approach with experience in delivering large scale transformation.

• Strong analytical and problem-solving skills.

• Experience working in a highly regulated, large multi-national environment.

• Reliant and adaptive to changing situations, with strong desire to delegate and empower the team.