Role Title: IT Security Manager
Business: Commercial Banking IT
Role Purpose / Description
CMB Security Architecture is a global function responsible for the definition of the future state security, the creation/use of security patterns and assuring that appropriate security is designed into CMB services and projects. CMB Security Architecture will provide security architecture guidance and assurance to CMB IT and business teams. It will work with CMB Architecture, Enterprise Security Architecture and other key CMB and Enterprise groups.
The overall services that the team will provide are as follows:
Define, design, evaluate and maintain the CMB Business Cybersecurity architecture
Drive the implementation of secure design through guidance and assurance.
Measure adherence to the security architecture within CMB to drive progress.
Security product/service selection & implementation with associated processes and controls
Delivery of solutions architecture consulting.
The role will be hands-on and cuts across all the CMB IT teams and Architecture disciplines: Application, Solution, Technical, Information and Enterprise.
Principal Accountabilities: Key activities and decision making areas
Impact on the Business
Champion the development and implementation of CMB’s target state Security Architecture.
Govern the introduction of new security techniques, products, services, technologies and standards where needed against identified use cases and taking into account commercial.
Have a holistic knowledge of CMB’s most critical business systems
Stay abreast of technology trends and advise IT and the business about potential benefits/impacts.
Propose innovative architectural solutions to address security capability and control gaps
Plan strategic roadmaps and position the Business to provide new customer services secured by the latest security capabilities
Own CMB-related security patterns for all layers of the stack (from network fabric, to hardware and OS) as well as service models (IaaS, PaaS, SaaS), and ensure alignment with security policies and standards
Customers / Stakeholders / 3rd Parties
Work closely with CMB Architects, Solution Designers, Enterprise Security Architecture and Cybersecurity Assessment (CSAT).
Work with stakeholders to communicate, educate and influence key security controls and strategic direction
Participate in continual improvement of Cybersecurity by investigating new security processes, technologies, and tools, and regular communication of related information.
Leadership & Teamwork
Evangelize the benefits of security architecture, accepted best practice techniques, standards and tools to CMB
Develop and evolve security best practice within CMB
Drive target state security architecture execution in collaboration with stakeholders
Lead security information sharing across CMB
Operational Effectiveness & Control
Manage security architecture reviews through Technical Design Authority (TDA) and Solutions Architecture Board (SAB) ensuring peer review of all projects
Ensure that any new services/projects are taken through the Technology Design Authority (TDA)
Drive usage and creation of security patterns/ services
Ensure compliance with all relevant internal instructions (FIMs, GSMs, circulars) and external regulatory requirements, including the management of operational risk and adherence to the Group’s standards of ethical behaviour
Understand Commercial Banking strategy and drive the IT Security target state architecture to ensure IT’s current and future capabilities satisfy these business needs. Influences IT stakeholders to ensure that the necessary investments are made to deliver required security services/capabilities. Initiates improvement in services, products and systems.
Leads development and communication of Commercial Banking’s Cybersecurity Assurance. Ensure CMB’s governance framework provides clear decision-making on security. Promotes security policies, practices and decisions that recognise the current and evolving needs of all the stakeholders.
Provision of security consultancy services. Takes full responsibility for the balance between non-functional, service quality and systems management requirements.
Drives security design activities, promoting the discipline to ensure consistency. Ensure appropriate adherence to HSBC standards.
Coordinates the identification and assessment of the security impact of emerging technologies & innovation.
Ensures projects/systems are reviewed for compliance with HSBC’s security standards, policies and target state architecture strategy. Ensures that any identified security risks are highlighted appropriately.
Knowledge & Experience / Qualifications
(For the role – not the role holder. Minimum requirements of the role.):
Bachelor’s degree in Computer Science, Cyber Security or a related field
At least 7 years of relevant IT experience, including exposure to design, engineering, implementation and operations (3-5 of those years to be devoted specifically to security)
Experience of performing security design reviews, ideally including threat assessment / threat modelling
Ability to provide direction and guidance on security architectural use cases and requirements.
Familiarity with Industry Standard Security Frameworks such as NIST Cybersecurity Framework, ISO 27001/27002, ITIL, COBIT. IT or cloud related security qualifications desirable.
Experience in defining future architectural strategy and roadmaps
Experience with role-based authorization methodologies, authentication technologies and security attack pathologies
In-depth knowledge of key IT domains particularly computing platforms (Windows, UNIX and Linux) and networking technologies
Knowledge and experience with perimeter security controls such as firewall, IDS/IPS, network access control, and network segmentation
Proficient in security concepts related to DNS, routing, authentication, VPN, proxy services and DDoS mitigation technologies
Security Architectural experience working in complex organizations.
Comfortable working with ambiguity and conducting research as well as managing third party vendor(s).
Ability to write position papers on highly complex topics for a business audience to assist in decision making
Experience building reference security architectures and adapting them for business use cases.
Understanding of Cloud service models (IaaS, PaaS, SaaS), and supporting technologies.
Experience with any of the industry Cloud technologies such as Amazon Web Services, Azure, Google Cloud, etc., as well as virtualization technologies (VMware, MVS, Xen, VirtualBox, etc.)
Familiarity with deploying and securing container technology, VMware ESXi, and OpenStack is desirable
Understanding of network technologies including SDN, routing (including VRFs), and enterprise network designs.
Knowledge of third party auditing and cloud risk assessment methodologies
About HSBC Technology China
We develop, implement and support software and IT services and processes that allow HSBC to remain at the forefront of high-quality banking systems. We develop and maintain systems for HSBC’s global businesses, as well as support functions such as Finance, HR and Risk. We work across a range of technology platforms and development disciplines, from mainframe to mobile technologies.
Our team includes software engineers and developers, architects, testers, IT and business analysts, consultants and programme and project managers, as well as team leadership and management roles. We employ people in almost all the countries and territories in which HSBC operates. Two locations of HSBC Technology China, including Guangzhou and Xi’an, are world-class technology hubs with industrial delivery capability.
Some careers grow faster than others
If you’re looking for a career that will give you plenty of opportunities to develop, join HSBC and your future will be rich with potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.