Our technology teams in the UK work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world, to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.

Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and programme managers.

We work in small, agile DevOps teams with colleagues around the world.

Following extensive investment across our Technology and Digital domains, we are currently seeking a number of experienced Threat and Controls Assessment Specialist to join HSBC Technology.

Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well-understood, and that controls used the manage such events are defined, assessed and implemented appropriately. Cybersecurity deliver this via objective, independent, professional and specialized subject matter experts. The role forms part of the 1LoD in relation to risk management framework.

The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development, Threat and Controls Assessment (threat modelling) and Third Party Security Assessment. The function drives the identification, capture, assessment, testing and ultimately the remediation of security defects, gaps and vulnerabilities across HSBC’s estate in concert with business and technology teams – on premise, within the Cloud and resulting from 3rd party engagements.

What you will be doing;

The Threat and Controls Assessment Specialist role will work as part of the global team to perform Threat Modelling on HSBC services.

This is a senior role reporting into the Threats and Controls Assessment Regional Lead, closely collaborating with peers across Penetration Testing; Secure Development, Third Party Security Assessment and Cybersecurity business and regional leads, enabling effective end-to-end vulnerability identification.

Key Responsibilities:

• Perform effective threat and control assessments for complex services and platforms across the HSBC estate. This will include cloud platform reviews for Azure, AWS and GCP
• Liaise with Developers, Architects and other Technical Leads to understand the end to end service and identify where there are any control gaps
• Work with the CSAT management team to enhance the Threats and Controls Assessment Service.
• Stay up to date within the industry of new trends and best practices
• Provide supervision, guidance and mentor less experienced members of the global team
• Act as a point of contact and source of advice on issues relating to Cybersecurity within the team

Qualifications

What you will bring to the role; 

To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills:

• Knowledge and exposure of Risk and Control Management
• Ability to understand and assess both threats, controls and vulnerabilities, articulating these to both technical and business stakeholders.
• Knowledge of different frameworks and methodologies including Threat Modelling using STRIDE and the MITRE ATT&CK Framework.
• Desirable to have one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM or Cloud Security Certifications

• Expert hands on knowledge in one or more of the main Cloud Service Providers – Azure, AWS or GCP
• Proven experience in general security concepts and principles and application specific security concepts and principles.

• Proven experience working in a large scale, multi-national and technologically diverse environment
• Strong stakeholder management and communications skills

This role will primarily be based in Sheffield or another UK base location, some travel may be required.

Come Power a Business that Defines How to Power the World

As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of ethnicity, religion, age, physical or mental disability/long term health condition, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by local law in the jurisdictions in which we operate. Within the work place you will have access to various employee resource groups which aim to promote and achieve a healthy work / life balance and support our diversity ambitions.  HSBC has in place processes in order to avoid nepotism, which means to avoid creating circumstances in which the appearance or possibility of conflicts of interest may exist within the hiring process.

We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies.

As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.