Join a digital first bank that’s powered by people.
Our technology team builds innovative digital solutions rapidly and at scale to deliver the next generation of banking services for our customers around the world.
Operating within the Global Cybersecurity function and under the management of the Global Head of Cybersecurity Operations & Intelligence, the Global Cybersecurity Operations & Intelligence (GCO&I) team provides a coordinated suite of cyber-threat defence services and are responsible for the monitoring, detection and response to cybersecurity threats across the global HSBC technology estate.
Reporting directly into the Global Head of Cybersecurity Operations & Intelligence, the Global Head of Sustainable Cybersecurity Operations leads the Sustainable Cybersecurity Operations function, a team split into three distinct but closely connected sub-functions focused on the continuous improvement of the Cybersecurity Operations and Security Operations Centre (SOC), technology integrations and capability enhancements
The role holder will be the strategic head of the global function, tasked with achieving the desired outcomes via clearly defined strategic goals, cross functional project delivery and highly-effective stakeholder engagements across the technology landscape. Working closely with the technology owners and their peer Global Heads within the GCO&I function, the role holder will manage a successful team of highly-technical, cybersecurity SMEs in their delivery of business and intelligence led capability and technology uplifts for the global SOC.
This is a key management team role that underpins the foundational capabilities supporting the wider Global Cybersecurity Operations & Intelligence mission to respond to cyber-threats against HSBC rapidly, effectively and consistently.
Job Requirements:
- Developing, implementing and maintaining a cross-functional strategy to support the Sustainable Cybersecurity Operations team and sub-functions in delivering on their mission to support the GCO&I cyber-threat intelligence led approach to the detection, response and containment of cyber-threats.
- Leading the direction and development of individual sub-function strategies to ensure alignment within Sustainable Cybersecurity Operations and with the wider GCO&I function.
- Developing and maintaining a flexible stakeholder engagement model that caters for both proactive and reactive collaboration and can rapidly adjust and reprioritise workloads in response to the changing threat-landscape.
- Building and maintaining strong processes and collaborative working practices with supporting teams in Sustainable Cybersecurity Operations and the wider Global Cybersecurity Operations & Intelligence teams.
- Building relationships and engagements with the many technology and platform owner stakeholders.
- Successfully maintaining these relationships and delivering prioritised outcomes in an environment where relationships can be complex and priorities are often divergent.
- Maintaining governance across all Cyber Ops Integration activities and ensuring the creation, collection and processing of key data points to feed into relevant service reporting e.g. service delivery metrics, KPIs, KCIs, and performance dashboards.
- Building, leading and maintaining a high-performing team of SMEs across the sub-functions.
- Empowering the SME sub-function teams to be able to deliver toward strategy goals through the implementation of a high-performance, transparent and fair management structure.
Qualification and Skills:
- Experience in a leadership position within a cyber-security operations team to include team and capability development, staff development, career management, and recruitment.
- Excellent understanding and knowledge of common industry cybersecurity frameworks, standards and methodologies, including; OWASP, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards, and the MITRE ATT&CK Framework.
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.
- A team-focused mentality with the proven ability to work effectively with diverse stakeholders.
- Excellent knowledge and demonstrated experience of common cybersecurity technologies such as; IDS / IPS / HIPS, AV, EDR, Firewalls, Proxies etc.
- Excellent knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suits.
- Excellent knowledge of common enterprise technology infrastructure, platforms and tooling, including; Windows, Linux, infrastructure management and networking hardware.
- Good knowledge and technical experience of 3rd party cloud computing platforms such as AWS, Azure and Google their associated security tooling/platforms.
- Good knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation and remediation.
- Excellent knowledge and demonstrated experience of common log management suites, Security Information and Event Management (SIEM) tools such as Splunk Enterprise Security. Knowledge of cloud based “data lake” solutions used for the collection and real-time advanced analysis of security information.
- Ability to identify, develop and track key performance indicator (KPI) and key control indicator (KCI) metrics for accurate and contextual evaluation of operational effectiveness as well as providing recommendations for control improvement and mitigating control adjustments.
- Good knowledge of intelligence analysis principles either though formal education / training or equivalent professional experience.
This role is based in Sheffield.
Being open to different points of view is important for our business and the communities we serve. At HSBC, we’re dedicated to creating diverse and inclusive workplaces - no matter their gender, ethnicity, disability, religion, sexual orientation, or age. We are committed to removing barriers and ensuring careers at HSBC are inclusive and accessible for everyone to be at their best.
If you have a need that requires accommodations or changes during the recruitment process, please get in touch with our Recruitment Helpdesk:
Email:
Telephone: