Head of IAM Service Delivery

Big Bank Funding. FinTech Thinking.

Our technology teams in the UK work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world, to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.

Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and programme managers.

We work in small, agile DevOps teams with colleagues around the world from our offices at the in Southwark, our global headquarters in Canary Wharf, and multiple other locations around the UK including Sheffield, Leeds, Barnsley and Birmingham.

Business area overview

Role Purpose

• HSBC is organized by a number of lines of business and global functions. 
  Identity and Access Management (IAM), in the first line of defence, serves as the focal point  in Cybersecurity for access related activities ensuring that HSBC’s electronic based assets are monitored, managed, accessed and protected effectively so that only those people with a legitimate business need can access or modify them, when they need to do so.
• Working within IAM, the role holder will ensure that the controls implemented must also be monitored for completeness, performance & efficiency.
  The purpose of this role is to form the Head of IAM Service Delivery sub function focused on operational activities. Reporting to the Global Head of IAM, the Head of IAM Service Delivery role covers all aspects of operational activity within IAM. 
• The job holder will build and develop a global service delivery team to deliver access management including authentication, authorization, monitoring and privileges across all the Bank’s system boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks. Driving the ethos and practice that only the business will truly be able to determine the appropriateness of an individual being granted access to their data and therefore a focus will be placed on enabling the business to review and approve access to their data.
• The job holder will also ensure that all access where possible, must be granted without IT intervention and be centred on a single identity system. The job holder will need to ensure the following tasks are completed:
  • Implementation of solutions and associated processes and controls; Access Management; provisioning (including Privileged Access); Risk Reporting
     

Monitor KRIs & KPIs
The job holder will be expected to propose, gain acceptance and implement the team and processes associated with building a best in class Service Delivery function.  The job holder will also be responsible for introducing controls and management information to be able to demonstrate that IT is adhering to Cybersecurity policies and process. 
 

What you will be doing;

Role Context

Budget.  Directs the prioritisation of spend, ensuring value for money, balancing cost vs benefit
Internal and external relationships.  Global responsibility for a significant part of one of IAM functions. 
People.  Functional responsibility for people, expense, strategy and operation.
Regulatory.  Develops procedures and policy in the context of IT frameworks.  Collaborate with Regional peers to ensure compliance and adherence to regulations and policy
Strategic Input.  As strategies evolve for IT and Cybersecurity and for the Sub-Function, ensure they remain congruent with each other and the Bank’s strategy.  Manage challenges where 3rd parties’ (internal and external) goals and strategies are not entirely aligned, seizing the opportunities these differences present.
 

Role Dimensions
 

• Managing a global team sourced from the main regions and technology centres
• Responsible for people and budget
• Providing 24x7 and follow-the sun support
• Turning the strategy into reality through adequate planning and focus
• Ensuring clear line-of-sight for the Bank’s IAM Controls between requirements
• Effectively engaging with all GBGFs through an efficient and transparent engagement model
• Providing training, career progression and succession planning across all the key roles in the platform
• Understanding best practices as they pertain to IAM Service Delivery
• Working with relevant vendors on roadmaps and new product features
• Managing the RTB and CTB delivery priorities in an effective and cost controlled manner

Impact on Business

• Driving Sustainable Growth.  Develop the Service Delivery Sub-Function responsibly, engaging with colleagues across ITID, Cybersecurity and ISR and wider to deliver sustainable operational plans in line with department strategy. Occasionally engaging with Senior Managers 2 levels above peers internally and externally including the likes of Finance, Legal and other global businesses, Leads and facilitates change through effective communication, preparation and implementation.
• Achieving Excellence.  Drive business performance, persevering under pressure.  Ensure contingency is built into plans to cope with unexpected issues.
• Innovation and Ideas Management.  Drive innovation strategically, to gain competitive advantage.  Take calculated, entrepreneurial risks to achieve the required outcomes. Generate an environment in which innovation/automation is seamlessly embedded into working practices. 

Customers / Stakeholders

• Customer Focus.  Lead a customer-centred culture, championing activities encouraging outstanding customer advocacy.  Proactively seek opportunities to utilise Cybersecurity and ITID services to improve a business operation. Typically, on a peer to peer level, but occasionally engaging with Senior Managers 2 levels above peer, within function and externally. Key customers could include HSBC’s Global businesses/Global Functions, regularly engaging to support requirements
• Strengthening Stakeholder Relationships.  Build relationships to influence decisions and ensure stakeholder advocacy, using organisational knowledge, key to this is the engagement with the other Heads of Cybersecurity sub-function and peers across ITID, Operational Resilience Risk and DBS.

Leadership & Teamwork

• Managing and Leading.  Lead and develop the Service Delivery team, making sustainable decisions that protects and enhances HSBC’s values, reputation and stakeholder value.  Actively encourages a learning culture.  Authentically engages a diverse group of stakeholders including Legal, Audit, technology, and Global Businesses internally and externally vendors to influence the achievement of best outcomes for all stakeholders
• Collaboration. Lead collaboration by championing cross-business working and cross-cultural interactions in the best interests of customers, colleagues and the bank. 
• Coaching.  Coach / mentor Contributes to the establishment of good coaching and mentoring practices.  Demonstrate alternative techniques for diagnosing and coaching individuals and teams. 

Operational Effectiveness & Control

• Managing Risk Responsibly.  Govern risk responsibly. Promote ethical management of risk across regions and business areas within their teams.  Communicate changes in policy and governance effectively, reinforcing risk processes within their team. 
• Financial and Budget Management.  Manage the Service Delivery department finances.  Accurately interpret strategic financial information: makes insightful decisions in financial planning and programme performance monitoring.  Identify and highlight financial implications of risks/ issues, involves stakeholders and manages budget variation as appropriate

Major Challenges

• Budget.  On-going requirement to increase efficiencies, seek alternate sustainable solutions, identify sustainable savings to fund investment
• Internal and external relationships.  Communicate and achieve active support for the implementation of IAM Target Operating Model and Strategy linked to Service Delivery from internal peers and external suppliers.   
• People.  Lead and manage the Service Delivery team across multiple diverse cultures and geographies, acting in a manner consistent with local practices, policies and regulations.
• Regulatory.  Remain cognisant of local regulations which will influence and can constrain implementations.
• Strategic Input.  Develop the goals and strategy of the Sub-Function, and ensure these are congruent with IT and vice versa.  Ensure the Sub-Function is aligned to deliver these goals and strategy. 
• Strategic input. The job holder has to work closely with ISR and IT functions to ensure the responsibilities and accountability between the two is clear. In general terms ISR will move towards being a policy setting, control, oversight and consultancy organisation and IT will build and maintain IT systems together with their day to day operations.  This will involve moving people between the two functions in accordance with the three lines of defence model.  This will be challenging because of the existing blurred job roles and the skill set of the incumbents.

Management of Risk

• The jobholder will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.
• The jobholder will also continually reassess the operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
• This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with the Head of IAM.

Observation of Internal Controls

• Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
• The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.
• This will be achieved by adhering to all relevant processes/procedures and by liaising with Compliance department about new business initiatives at the earliest opportunity. Also and when applicable, by ensuring adequate resources are in place and training is provided, fostering a compliance culture and optimising relations with regulators.

Relationships

• Internal relationships extend to peers across other functions within ITID, Cybersecurity, Operational Resilience Risk, DBS and externally to HSBC global businesses, and will also include external relationships with vendors, typically Audit Legal, and Technology where the need arises.
• Regulatory. Drives Implementation, Governs Risk Responsibly, promotes ethical management of risks, communicates changes in policy and governance effectively, ensures in country regulatory processes and procedures are adhered to.
• Strategic Input.  Monitoring the Strategy.

Qualifications

What you will bring to the role; 

• Typically educated to degree level or experience performing a similar role
• Experience in a managerial role within an IT/Cybersecurity or related field, including experience of managing a global function with a geographically dispersed team
• Ability to build strong relationships and communicate with a wide spectrum of stakeholders
• Excellent knowledge of the project lifecycle
• Understanding of business finance and experience of effective managements of budgets and expenditure
• Comprehensive understanding of positioning Bank approach and policy in context of wider industry trends and direction
   

This role will primarily be London based but some travel may be required.

Come Power a Business that Defines How to Power the World

As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of ethnicity, religion, age, physical or mental disability/long term health condition, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by local law in the jurisdictions in which we operate. 

Within the work place you will have access to various employee resource groups which aim to promote and achieve a healthy work / life balance and support our diversity ambitions.  

HSBC has in place processes in order to avoid nepotism, which means to avoid creating circumstances in which the appearance or possibility of conflicts of interest may exist within the hiring process.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Job Field

 : Technology

Primary Location

 : Europe-United Kingdom-Greater London-London

Schedule

 : Full-time 

 : 

Job Posting

 : 28-Sep-2021, 18:07:45 

Unposting Date

 : 29-Dec-2021, 04:29:00