Security Consultant

Join to apply for the Security Consultant role at HSBC

Tech Sourcing Specialist, Digital Business Services at HSBC via AMS
Join a digital first bank that’s powered by people.

Our technology team builds innovative digital solutions rapidly and at scale to deliver the next generation of banking services for our customers around the world.

We have an entrepreneurial mindset. Our people work together, creating an agile, collaborative, and innovative culture. You’ll learn and expand your skills, plus we will support you every step of the way as you grow your career.

The Managed File Transmission Team is responsible for managing file transfers for both internal and external customers of HSBC via the shared file gateways on a variety of different platforms, products, technology and standards supporting file transfers across the HSBC Group for all lines of businesses.

The team supports several technologies that provide highly reliable, resilient and secure services. The team is responsible for all aspects of the project lifecycle ensuring that bank policies, guidelines, governance and standards are defined where necessary and followed. Team members are also expected to explore new process and procedure and continually seek improvement of themselves and the File Transmissions Domain globally by closely working with the MFT Engineering Team.

The role will work with senior leaders to deliver on complex, enterprise-level initiatives that are a part of the bank's overall strategic direction. The Technical Leader will play an integral role in defining and developing the MFT Security Policy, and to ensure compliance against all other related HSBC Security Policies and Standards. The role will help grow effective partnership with HSBC Cybersecurity team to understand and respond to the Cyber threat landscape

As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.

In this role you will:

Develop security policies, procedures and plans to ensure robust governance

Act as MFT security authority, advising MFT technology teams

Evaluate risk at the technical and system process levels by assessing systems for compliance with established security control frameworks such as CAF, NIS/NIS2, ISO27001,NIST CSF and CIS

Produce detailed, high quality risk assessments and reports, highlighting security issues, recommending improvements to technical and governance controls, and providing solutions to mitigate identified security risks

Understand the business and information risk landscape, including common business drivers, cyber security threats, and operation challenges faced by the MFT teams

Assesses risk at both technical and business process level, effectively communicating findings and recommendations to key stakeholders both verbally and in writing

Review the effectiveness of existing controls against recognised frameworks and suggests appropriate security enhancements

Research and analyse security technologies to support the proposition of innovative security solutions for MFT services and technology

Perform complex risk assessments and threat modelling to support new technologies or design patterns

Adhere to HSBC policy, procedures and control requirements applicable to day-to-day working, exceptional and project activities, and raise any concerns about actual or potential issues promptly, in line with reporting and escalation procedures.

Apply policies, procedures, practices and standards to their allocated tasks, taking responsibility for their own actions, to ensure the achievement of high levels of quality, effective risk management and regulatory compliance.

To be successful in this role you should meet the following requirements:

Experience developing security policies, threat modelling and determining risk

Strong knowledge of CAF, NIS/NIS2, ISO27001, NIST CSF and CIS and risk assessment methodologies

Experience with reviewing security standards, controls, and policies and recommending enhancements.

Good understanding of security testing principles, including experience of vulnerability scanning, identifying, resolving and reporting risks.

Experience leading and delivering Cybersecurity projects.

Ability to perform complex risk assessments and threat modelling to support new technologies or design pattern.

Technical writing experience in relevant areas, including queries, reports, and presentations

This role is based in Sheffield.

Joining a diverse and inclusive workplace, HSBC offers tailored professional development, private healthcare, enhanced maternity and adoption pay, and a contributory pension scheme.

#J-18808-Ljbffr