Function/Overview:
Lead, develop, organize, manage and report on the following centralized information/IT security functions for HBUS and HBIO entities:
. operational risk
. key risk indicators
. internal and external audits
Provide consultation as a subject matter expert to technology and business teams.
Contribute, as a project team member, to the execution of the information security risk assessment framework.
Duties and Responsibilities:
Responsible for role as Information Security’s OpR Coordinator.
- Lead annual review and continuous development of comprehensive information security operational risks. This includes:
. internal NAIS team engagement and awareness
. consultation with other HSTU teams with responsibility for security risks
. training for internal NAIS team on operational risk topics and responsibilities
. providing consultation to internal NAIS team on identification and execution of action plans
. development and maintenance of process documentation
. development of key risk indicators for highly rated OpRs
. act as Information Security’s liaison to the HSBC corporate operational risk functions
- Improve awareness and understanding of security risks within the HBUS and HBIO businesses by providing training and consultation to Business OpR coordinators, and BISO (Business Information Security Officer) Program personnel for recognition of risks and recommendations on action plans via routine engagement.
- Develop and execute schedules for routine updates to ensure timely knowledge of, remediation of and, where necessary, escalation/notification of risks.
- Work with and support adherence to regulatory and compliance issues/concerns by ensuring topics are addressed properly.
Responsible for role as Information Security’s Audit Coordinator.
- Manage the relationship between Information Security and Internal and External Audit.
For Internal audit, this includes:
. acting as Information Security’s point of contact for any audit issues at the departmental level
. ensuring Information Security team awareness of upcoming business unit audits
. providing internal consultancy within Information Security and to Audit and business personnel on audit issues and remediation
. development and maintenance of process documentation and dashboard reporting
. attending pertinent audit initiation and closure meetings
. managing closure of open issues to plan
For External audit, this includes:
. acting as Information Security’s point of contact for any audit issues at the departmental level
. ensuring Information Security team awareness of upcoming audits involving the department
. development and maintenance of process documentation, dashboard reporting and status updates
. managing closure of open issues to plan
Identify opportunities to create new/update existing information security standards as required.
Contribute to HSBC board level reporting on security risk topics.
Participate in other administrative functions in support of Management.
Provide backup support for IT Security standards dispensation.
Monitor the status of information security through participation in security reviews and risk assessments. Identify security exposures, recommend corrective action and propose data security enhancements.
Contribute, as a project team member, to the execution of the information security risk assessment framework.
Ensure compliance monitoring and internal controls are in place, including processes for management of operational risk, in accordance with HSBC and regulatory standards.
Contribute to the positive working relationships with Technology Risk Management and Technology Compliance.
Special Requirements/Comments:
- Will be required to travel 5-15% of the time.
- Provides after-hours and weekend support as required.
Experience: Requirements
- Strong working knowledge of Operational Risk.
- Working knowledge of the GORDON database (Group Operational Risk data repository)
- Strong working knowledge of HSBC audit concepts.
- Strong working knowledge of information/IT Security functions and responsibilities.
- Knowledge of ISO 17799, FFIEC guidance on information security and Gramm-Leach-Bliley Act.
- Working knowledge of risk assessment and management processes.
- Experience interacting with Compliance, Internal Audit, External Audit and Regulatory teams.
- A Bachelor’s degree in business, risk management, management information systems, related technical field or equivalent professional level of knowledge and experience.
- Eight to ten years of progressive technology, security and/or risk management experience.
- Minimum 3 years information security experience.
- Strong demonstrated understanding of security principles, policies, and industry best practices. Security certification and/or project management certification is a plus.
- Excellent written communication skills using Word, Excel and PowerPoint.
- Excellent verbal communication and presentation skills.
- Strong project management, communications, technical planning, people and team management skills, particularly with project and cross-functional teams.
- Demonstrated ability to think quickly and take risks commensurate with responsibility.
- Ability to work with all levels of management and technical support to further the goals of the department.
- Expertise in negotiation skills, active listening, and building relationships.
- Experience working in a high-pressure environment.
- Ability to translate directions into actionable plans delivered on time and within budget.
- Ability to learn quickly and implement new technologies in a rapid, demanding, and changing environment, establishing realistic yet aggressive timeframes.
- Ability to feel comfortable working with unproven/challenging new concepts. Desire to learn new and different approaches.
- Must possess a "can do" attitude, positive thinker.
Thursday, October 26, 2006