The Technology Risk and IT Change Manager will serve as a specialist as part of HSBC’s second line of defence Operational and Resilience Risk team. The role holder will serve as primary point-of-contact from US Operational and Resilience Risk to HSBC’s US IT risk and change management operations, providing engagement and credible challenge of technology risk governance and change controls for Information Technology and Cybersecurity Risk.
- Risk Management Expert: Specialist in information technology risk, including cybersecurity principles, cloud strategies and IT operational processes, with focus on change control and risk management through IT governance.
- Risk Management Oversight: Ensure robust oversight and credible challenge with clear expectations set with IT and Cyber Security Control Owners. Works closely with the first line of defense (including USA CIO, CISO, CCO and their respective teams) to agree required outcomes and remediation priorities.
- IT Change Oversight: Support the guidance, oversight and challenge on key Information Technology and Cybersecurity Risk issues arising from IT change management. Monitor and challenge the effective of ongoing change management control monitoring plans (i.e. oversight of test plans, sample checks).
- Risk Appetite: Monitor US Resilience Risk Appetite and oversee first line of defense reporting to governance committees. Work with US ORR Business and Functions teams to ensure US businesses understand the impact of any Resilience Risk appetite breaches that require changes to controls, resources and business operations.
- Risk Policy: Provide subject matter expertise and credible challenge on US Resilience Risk policy dispensations and risk acceptances.
- Risk Position and Challenge Papers: Help prepare evidence-based papers pertaining to Information Technology and Cybersecurity Risk positions to US boards, Risk Management Meeting (RMMs), Control Environment Management Meeting (CEMMs), and related forums.
- Regulatory Awareness: Apply guidance on HSBC’s adherence to Information Technology and Cybersecurity Risk-related legislation and regulations from government organisations, regulators, and industry organizations.
- Ability to engage with first line of defense stakeholders
- Strong written communicator with demonstrated analytic skills
- Understanding of risk management principles
- Providing Expert Advice and Robust Challenge
- Delivering Risk Steward Policies
- Oversee, Review, and Challenge Risks and Controls
Qualification & Experience:
- 3-5 years experience in related risk management and/or technology role(s)
- Bachelor’s degree and/or professional certificate in related discipline
Vacancy Type: Full Time
Job Location: New York City, NY, US
Application Deadline: N/A