Company Profile
-Manage the end-to-end lifecycle of PEN Testing engagements across multiple teams and vendors
-Coordinate scheduling, resource allocation, and reporting timelines for all PEN Testing activities
-Review and consolidate PEN Test results, ensuring clarity and consistency in reporting
-Communicate findings, risks, and remediation progress to Senior Managers/Leadership and relevant business units
-Track and escalate unresolved issues or critical vulnerabilities
-Maintain documentation, dashboards, and audit trails for compliance and governance
-Collaborate with Cybersecurity teams to ensure alignment with broader security strategy
-Facilitate post-test reviews and lessons learned sessions
-Reporting all Ad-Hoc and On Demand tests
-Collaborate with the Regional and Country representatives of Technology plus other peer managers to implement the team's goals within entity policy, expense and regulatory constraints
-Support peers and senior management within the Cybersecurity function to define and implement an industry-leading Cybersecurity Service that stays ahead of constantly changing information security threats
-Ensure adherence to the three lines of defence organisational model with clear lines of responsibility, accountability and segregation of duties
-Ensure compliance with internal audit and external regulators that any organisational changes are fit-for-purpose and meet their expectations
-Support Senior Managers in the delivery of a Cybersecurity strategy for a team to secure the bank's technology from the inside out, whilst maintaining, protecting and enhancing HSBC's values, reputation and stakeholder value
-Contribute to the overall definition of responsibilities and accountabilities of Cybersecurity within HSBC
-Support Senior Managers to implement an effective engagement model across GB/GF/Regions with their respective Stakeholders
-Embed best practice management and support implementation of transformational change
-Contribute to building plans and budgets which identify value and cost reduction opportunities
-Report and consult on issues to the CROS Assurance Lead/Manager and support day-to-day function requirements
-Project Management: Overseeing the entire penetration testing lifecycle, from initial planning and scoping to execution and remediation. Strong organizational and project management skills to manage multiple engagements simultaneously.
-Stakeholder Management: Serving as the primary point of contact for internal teams, external vendors, and clients to ensure project goals are met.
-Vendor Coordination: Managing relationships with third-party penetration testing vendors, helping to process Statements of Work (SOWs), and ensuring deliverables meet expectations.
-Communication: Excellent written and verbal communication skills to effectively interact with diverse audiences, from technical experts to executive leadership. Effectively convey technical information to non-technical stakeholders. Presenting test results, risks, and recommendations to both technical staff and executive management in clear and concise reports and presentations.
-Problem-Solving: A resourceful and creative approach to resolving challenges that arise during the testing process.
-Technical Liaison: Collaborating with technical teams to ensure the availability of test environments and to support the remediation efforts of identified vulnerabilities.
-Compliance & Reporting: Ensuring all testing and findings adhere to internal audit requirements and external regulations and tracking key project metrics and documentation.
-Process Improvement: Contributing to the development and implementation of standardized processes, tools, and best practices to improve the efficiency and consistency of penetration testing services. Continuous learning ensures that penetration testers adapt to change.
-Tools knowledge: Proficiency in project management tools (e.g. Jira, Confluence, MS Project, or similar), SNOW, Power BI, Microsoft Excel
-Cybersecurity Fundamentals: A solid understanding of penetration testing principles, methodologies, and common vulnerabilities. Experience working in regulated environments or with compliance frameworks (e.g. ISO 27001, NIST, etc.), any additional certifications would be an asset.
-Technical Aptitude: Familiarity with various technologies, including networks, web applications, and cloud infrastructures.
-Risk Management: The ability to understand and convey the business impact of identified security vulnerabilities.