OPERATION

-Create new and improve existing operational models to guide our daily operational activities.

-Identify service gaps and create uplift plans for future state models and road maps.

-Identify critical paths of operation and ensure that they are followed to provide the most streamlined and efficient method of operating, sometimes working to critical time deliveries.ASSESSMENT

-Ensure that the assessment function is able to react in real time to potential threats, runs to a high-quality standard, including ingestion of relevant intelligence, and appropriate analysis to put the bank in the best informed position to make choices that will continually lead to successful defence and hardening.

-Maintain operational documentation and ensure reports are available, and how to access and utilise existing filters.

-To oversee the False Positive, Temp Fix, criticality reviews, Patch Tuesday, Service Sustainability Portfolio and Secret Exposed Credential reviews conducted by the team and ensure that satisfactory and accurate identifications are managed and documented for audit purposes.

-To create and maintain a suitable remediation and mitigation guidance to ensure all Global Businesses and Functions have clear instructions on available solutions and are able to deploy the required fix, or reduce our risk exposure. You will also be responsible for working with 2LOD where Issues and APs are required.

-Ensure that all CVE/CWE vulnerabilities are reviewed and attended to, in an accurate and reportable way. You will be responsible for maintaining all intelligence, criticality assessments and risk feeds that keep us up to date and in some cases, ahead of the adversaries. GOVERNANCE

-Contribute to responses that inform requests from Regulators, Internal/ External Audit etc

and responses to 2LOD challenges/ Papers providing responses / guidance to the Cybersecurity Governance Team

-Providing commentary to routine governance submissions e.g. Cybersecurity Executive Committee Monthly Update, Risk Map, KCIs, KRIs. GENERAL

-Adhoc tasks as required

including support to CSAT operational activities.

-Handling escalations and ad-hock requests from any team or angle.

-Be able to work and empower teams on a fully global level, including a five day FTS model.

-Ability to co-ordinate with a wide range of stakeholders to drive accountability and remedial activities.

Exceptional practical application and execution of:

-Applying, and improving elements of the Vulnerability Management Lifecycle.

-The ability to use multiple toolsets to convey information, obtain data, and make it meaningful to future plans.

-Business and architectural design experience, including controls analysis, process flows, data flows, etc.

-Knowledge of existing scanning technologies (e.g. Nessus, SAST, MAST and DAST scanning).

-Threats and Risk, able to act with insight to deliver a core part of the Cyber Security Operational model in HSBC. Multiple functions will come together to ensure the safety of the bank and the ability to continue business under any circumstances. Knowledge of CVE’s, CISA, NVD, Mitre and CVSS metrics.

-Minimum 3 years’ experience in working within a threat & vulnerability management function or a minimum of 3-5 years’ experience in working in IT Security or similar role

-High level of integrity and strong ethical values.

-Ability to lead by example and experience in managing a team of multi-skilled team members to deliver core requirements in a simultaneous fashion.

-Lateral thinking and creative form to deploy expertise in the uplift of people skills, process identifications, and technological adjustments.

-Excellent organisational, administrative, analytical, and problem solving skills with the ability to work accurately and methodically whilst under pressure to meet deadlines.

-Strong interpersonal skills with the ability to build effective working relationships with colleagues and work well as part of a team.

-Pro-active, independent, collaborative team player with a positive attitude.

-Flexible approach to shifting or competing priorities.

-Proven track record on delivering activities on time to a high standard.

-Excellent understanding of SharePoint, Microsoft Excel & Teams, and Confluence.