IT Security Manager

HSBC - More jobs by this advertiser
 Job Description - IT Security Manager (0000D4DR)

Job Description 

IT Security Manager : 0000D4DR 




Role Title: IT Security Manager

Business: Commercial Banking IT

Role Purpose / Description

CMB Security Architecture is a global function responsible for the definition of the future state security, the creation /use of security patterns and assuring that appropriate security is designed-into CMB services and projects. CMB Security Architecture will provide security architecture guidance and assurance to CMB IT and business teams.  It will work with CMB Architecture, Enterprise Security Architecture and other key CMB and Enterprise groups.


The overall services that the team will provide are as follows:


  • Define, design, evaluate and maintain the CMB Business Cybersecurity architecture

  • Drive the implementation of secure design through guidance and assurance.

  • Measure adherence to the security architecture within CMB to drive progress.

  • Security product/service selection & implementation with associated processes and controls

  • Delivery of solutions architecture consulting.

  • The role will be hands-on and cuts across all the CMB IT teams and Architecture disciplines: Application, Solution, Technical, Information and Enterprise.

  • Principal Accountabilities:  Key activities and decision making areas

  • Impact on the Business

  • Champion the development and implementation of CMB’s target state Security Architecture.

  • Govern the introduction of new security techniques, products, services, technologies and standards where needed against identified use cases and taking into account commercial.

  • Have a holistic knowledge of CMB’s most critical business systems

  • Stay abreast of technology trends and advise IT and the business about potential benefits/impacts.

  • Propose innovative architectural solutions to address security capability and control gaps 

  • Plan strategic roadmaps and position the Business to provide new customer services secured by the latest security capabilities

  • Own CMB related security patterns for all layers of the stack (from network fabric, to hardware and OS) as well as service models (IaaS, PaaS, Saas), and ensure alignment with security policies and standards

  • Customers / Stakeholders / 3rd Parties

  • Work closely with CMB Architects, Solution Designers, Enterprise Security Architecture and Cybersecurity Assessment. (CSAT).

  • Work with stakeholders to communicate, educate and influence key security controls and strategic direction

  • Participate in continual improvement of CyberSecurity by investigating new security processes, technologies, and tools, and regular communication of related information.

  • Leadership & Teamwork

  • Evangelize the benefits of security architecture, accepted best practice techniques, standards and tools to CMB

  • Develop and evolve security best practice within CMB

  • Drive target state security architecture execution in collaboration with stakeholders

  • Lead security information sharing across CMB

  • Operational Effectiveness & Control

  • Manage security architecture reviews through Technical Design Authority (TDA) and Solutions Architecture Board (SAB) ensuring peer review of all projects

  • Ensure that any new services/projects are taken through the Technology Design Authority (TDA)

  • Drive usage and creation of security patterns/ services

  • Ensure compliance with all relevant internal instructions (FIMs, GSMs, circulars) and external regulatory requirements, including the management of operational risk and adherence to the Group’s standards of ethical behaviour


  • Major Challenges:

  • Understand Commercial Banking strategy and drive the IT Security target state architecture to ensure IT’s current and future capabilities satisfy these business needs.  Influences IT stakeholders to ensure that the necessary investments are made to deliver required security services/capabilities.  Initiates improvement in services, products and systems.

  • Leads development and communication of Commercial Banking’s Cybersecurity Assurance.  Ensure CMB’s governance framework provides clear decision-making on security. Promotes security policies, practices and decisions that recognise the current and evolving needs of all the stakeholders.

  • Provision of security consultancy services.  Takes full responsibility for the balance between non-functional, service quality and systems management requirements.

  • Drives security design activities, promoting the discipline to ensure consistency.  Ensure appropriate adherence to HSBC standards.

  • Coordinates the identification and assessment of the security impact of emerging technologies & innovation.

  • Ensures projects/ systems are reviewed for compliance with HSBC’s security standards, policies and target state architecture strategy.  Ensures that any identified security risks are highlighted appropriately.






Knowledge & Experience / Qualifications

(For the role – not the role holder.  Minimum requirements of the role.):

  • Bachelor’s degree in Computer Science, Cyber Security or a related field

  • At least 7+ years of relevant IT experience, including exposure to design, engineering, implementation and operations (3-5 of those years to be devoted specifically to security)

  • Experience of performing security design reviews, ideally including threat assessment / threat modelling

  • Ability to provide direction and guidance on security architectural use cases and requirements.

  • Familiarity with Industry Standard Security Frameworks such as NIST Cybersecurity Framework, ISO 27001/27002, ITIL, COBIT.  IT or cloud related security qualifications desirable.

  • Experience in defining future architectural strategy and roadmaps

  • Experience with role-based authorization methodologies, authentication technologies and security attack pathologies

  • In-depth knowledge of key IT domains particularly computing platforms (Windows, UNIX and Linux) and networking technologies

  • Knowledge and experience with perimeter security controls such as firewall, IDS/IPS, network access control, and network segmentation

  • Proficient in security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies Security Architectural experience working in complex organizations.

  • Comfortable working with ambiguity and conducting research as well as managing third party vendor(s).

  • Ability to write position papers on highly complex topics for a business audience to assist in decision making

  • Experience building reference security architectures and adapting them for business use cases.

  • Understanding of Cloud service models (IaaS, PaaS, SaaS), and supporting technologies.

  • Experience with any of the industry Cloud technologies such as Amazon Web Service, Azure, Google Cloud, etc., as well as virtualization technologies (VMWare, MVS, xEN, Virtual Box, etc...)

  • Familiarity with deploying and securing container technology, VM Ware ESXi, and OpenStack is desirable

  • Understanding of network technologies including SDN, routing (including VRFs), and enterprise network designs.

  • Knowledge of third party auditing and cloud risk assessment methodologies 




About HSBC Technology China


We develop, implement and support software and IT services and processes that allow HSBC to remain at the forefront of high-quality banking systems. We develop and maintain systems for HSBC’s global businesses, as well as support functions such as Finance, HR and Risk. We work across a range of technology platforms and development disciplines, from mainframe to mobile technologies.


Our team includes software engineers and developers, architects, testers, IT and business analysts, consultants and programme and project managers, as well as team leadership and management roles. We employ people in almost all the countries and territories in which HSBC operates. Two locations of HSBC Technology China, including Guangzhou and Xi’an, are world-class technology hubs with industrial delivery capability.


Some careers grow faster than others


If you’re looking for a career that will give you plenty of opportunities to develop, join HSBC and your future will be rich with potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.



Job Field

 : Information Technology

Primary Location

 : Asia Pacific-China-Shaanxi-Xi�an


 : Full-time 


 : Day JobType of Vacancy : Country vacancy

Job Posting

 : 29-May-2019, 15:16:14 

Unposting Date

 : 12-Jun-2019, 23:59:00  

26 November 2019
Location: China Shaanxi Xi�an
Work type:
Full time
Banking and Financial Services
Information Technology
PLEASE! No enquiries from Recruitment Agencies or Headhunters.

Only direct applications will be considered.

This career opportunity is no longer open.
Please search for current vacancies here.

Bookmark and Share
  • Previous Next

This website uses cookies

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Cookie Policy.
I agree
Read more