US Operational and Resilience Risk (ORR) is a sub-function of Group Risk. Its purpose is to ensure HSBC understands and is in control of, its non-financial risk position. In addition, the function provides resilience risk stewardship to US businesses, functions and entities in which the US bank operates.Technology Resilience is the risk of unmanaged disruption to any IT system within HSBC, as a result of malicious acts (i.e. cyber-attacks), accidental actions or poor IT practise (i.e. change control) or IT system failure (i.e. a core network switch failing). The Technology Risk and IT Change Manager will serve as a specialist as part of HSBC’s second line of defence Operational and Resilience Risk team. The role holder will serve as primary point-of-contact from US Operational and Resilience Risk to HSBC’s US IT risk and change management operations, providing engagement and credible challenge of technology risk governance and change controls for Information Technology and Cybersecurity Risk.
- Risk Management Oversight: Ensure robust oversight and credible challenge with clear expectations set with IT and Cyber
- Security Control Owners. Works closely with the first line of defense (including USA CIO, CISO, CCO and their respective teams) to agree required outcomes and remediation priorities.
- IT Change Oversight: Support the guidance, oversight and challenge on key Information Technology and Cybersecurity Risk issues arising from IT change management. Monitor and challenge the effective of ongoing change management control monitoring plans (i.e. oversight of test plans, sample checks).
- Risk Appetite: Monitor US Resilience Risk Appetite and oversee first line of defense reporting to governance committees.
- Work with US ORR Business and Functions teams to ensure US businesses understand the impact of any Resilience Risk appetite breaches that require changes to controls, resources and business operations.
- Risk Policy: Provide subject matter expertise and credible challenge on US Resilience Risk policy dispensations and risk acceptances.
- Risk Position and Challenge Papers: Help prepare evidence-based papers pertaining to Information Technology and
- Cybersecurity Risk positions to US boards, Risk Management Meeting (RMMs), Control Environment Management
- Meeting (CEMMs), and related forums.
- Regulatory Awareness: Apply guidance on HSBC’s adherence to Information Technology and Cybersecurity Risk-related legislation and regulations from government organisations, regulators, and industry organizations.
- Subject matter expertise in one or more resilience technology risk categories (i.e. IT risk management), including understanding of industry best practices, frameworks, and regulatory guidelines
- Understanding of risk management principles
- Ability to engage with first line of defense stakeholders
Qualification & Experience:
- 3-5 years experience in related risk management and/or technology role(s)
- Bachelor’s degree and/or professional certificate in related discipline
Vacancy Type: Full Time
Job Location: Sarasota, FL, US
Application Deadline: N/A