Our Technology teams work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world; to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.

Our multi-disciplined Technology teams include amongst others: DevSecOps engineers, IT architects, front and back-end developers, infrastructure specialists, cybersecurity experts, and delivery, project and programme managers.

Following extensive investment across our Technology and Digital domains and with plans for continued expansion throughout 2021 and beyond, we are currently seeking a Senior Analyst for “Threat and Controls Assessment”, to join the HSBC Cybersecurity team within Technology.

Brief overview of the business areas

Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well-understood, and that controls used the manage such events are defined, assessed and implemented appropriately. Cybersecurity deliver this via objective, independent, professional and specialized subject matter experts. The role forms part of the 1LoD in relation to risk management framework.

The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development, Threat and Controls Assessment (threat modelling) and Third Party Security Assessment. The function drives the identification, capture, assessment, testing and ultimately the remediation of security defects, gaps and vulnerabilities across HSBC’s estate in concert with business and technology teams – on premise, within the Cloud and resulting from 3rd party engagements.

What you will be doing;

The Threat and Controls Assessment Senior Analyst role will work as part of a global team to perform Threat Modelling on HSBC services.

This role will report into the Threats and Controls Assessment Regional Lead, closely collaborating with peers across Penetration Testing; Secure Development, Third Party Security Assessment and Cybersecurity business and regional leads, enabling effective end-to-end vulnerability identification.

Key Responsibilities:

• Perform effective threat and control assessments of services within our internal, external and cloud estate.
• Liaise with Developers, Architects and other Technical Leads to understand the end to end service and identify where there are any control gaps.
• Understand the Business requirements, evaluate potential products / solutions and provide technical recommendations.
• Be "hands on" with technology and contribute to the design, development and the support of projects with security recommendations.
• Identify threats across the IT estate; including applications, databases, network and other infrastructure components.
• Engage with other Cybersecurity teams, senior management and members of the Business when confronted with potential security issues.
• Contribute to process, procedures and tool identification/development.  

Qualifications

What you will bring to the role; 

To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills:

• An inquisitive approach, always asking how to achieve goals in a smarter and more effective way
• Have a positive and professional attitude, team player, flexible and adaptable, embraces change

• Knowledge and exposure of Risk and Control Management
• Ability to understand and assess both threats, controls and vulnerabilities, articulating these to both technical and business stakeholders
• Desirable to have one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM or Cloud Security Certifications
• Proven experience in general security concepts and principles
• Hands on experience with threat modelling and strong technical understanding and experience of assessing vulnerabilities and identifying weaknesses in diverse enterprise IT assets
• Strong understanding of applications design and architecture
• Knowledge and experience with network, host and application security practices
• Good working knowledge of one or more of the Cloud Service Providers – AWS, GCP or Azure
• Strong understanding of Software Development Life Cycle (SDLC) with a focus on security
• Experience in continuous improvement and process optimisation.
• Strong stakeholder management and communications skills
• Ability to complete tasks independently to a high quality standard

The base location for this position is Sheffield, although other UK locations would be considered.

Come Power a Business that Defines How to Power the World

As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation. 

We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies.

As an HSBC employee, you will have access to tailored professional development opportunities and a competitive pay and benefits package.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.