Cyber and Information Technology Risk Officer - HSBC Life
Hong Kong, Hong Kong

Some careers have more impact than others.

If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

HSBC Life is a world-class institution where you can specialize in Insurance but enjoy the advantages that come with being part of a leading global international bank.

Insurance is about people, and the promises they make. At HSBC Life we help deliver on these promises by providing a wide variety of life insurance products and services to our clients throughout the Asia-Pacific region.

Our employees enjoy a dynamic and innovative workplace and a world of opportunities to develop their careers in a high-profile growing business segment.

We empower our team of high-performing individuals to build skills and explore new experiences to realize the full potential of being part of HSBC.

Together we pursue efficient ways of working. We harness the latest data and technology solutions to achieve meaningful outcomes for our clients.

The protection we offer creates broad and lasting impact, helping clients to be healthier, more productive and more confident in their futures.

We are currently seeking a high calibre professional to join our team as a Cyber and Information Technology Risk Officer.

Principal Responsibilities

  • Manage the Cyber and Technology Risk Control Framework Implement and maintain a framework of controls appropriate to HSBC Insurance HK, which are in line with the business’ risk appetite
  • Implementation of Systems and Data Integrity controls
  • Implementation of global Insurance risk management strategy working with the Group Insurance CITRO, and the RBWM AMH CITRO to implement the relevant Cyber and Technology risk strategies as they apply to the HK insurance business.
  • The CITRO has a role in collaborating with IT, Information Security Risk, Cyber Risk and Systems and Data Integrity risk professionals in order to support the HK Insurance business, driving consistency and high standards

  • Oversight of Third Party Risk working with departments across the business to ensure third party risk is appropriately assessed and managed.
  • Ongoing monitoring of MI to ensure that periodic activities such as re-assessments, attestation etc. are on track. Maintaining the entity specific Outsourcing policy

  • Incident escalation and management working with various stakeholders in the business as well as supporting functions to ensure system and third party related incidents are escalated in a timely manner.
  • Support the remediation of incidents, review and challenge the root cause analysis as well as the remedial actions to ensure incidents are appropriately addressed and impact is minimized

  • Establish and maintain strong working relationships with stakeholders develop strong relationships with Group Insurance and RBWM stakeholders, as well as global functions in the first, second and third lines of defence
  • Identify and manage the information security risks within the business
  • Continuously and proactively monitor established information security risk controls against new and emerging information security risks
  • Provide regular reporting to senior management on risk and project progress, as required
  • Engage business / department management to ensure ownership and remediation of internal / external audit and regulatory requirements pertaining to information security, third party and data risk, as required
  • Assess whether new business projects / initiatives impact Data, Technology and Cyber Security as well as Third Party Risk.
  • Ensure adherence to relevant policy and regulatory requirements and raise awareness of the need to remediate any identified issues

  • Owning information security risk control monitoring process and delegation of control monitoring activities as appropriate
  • Leading actions to identify, resolve and investigate the root cause of incidents and take actions based on lessons learned
  • Demonstrate a wide and deep understanding of business areas at the appropriate level and Group requirements detailed in Group Standards Manuals (GSM), Functional Instruction Manuals (FIM), and applicable standards
  • Requirements

  • Excellent communication (both verbal and written) and interpersonal skills
  • Confidence to interact with the senior management at all levels
  • Proven project and risk management capabilities with a focus on resolving complex problems;
  • Effective matrix management skills in multi-cultural environments
  • Organised and autonomous
  • Practical knowledge of Information Technology, Information Security and Cyber Risk Concepts and Frameworks
  • Degree holder with previous experience within the Cyber or Information Security space either within or external to HSBC
  • Has one or more of the following Information and Cyber Security industry recognized qualifications : CISM, CISA, CISSP or CRISC
  • Proficient in Microsoft Office, strong Excel and PowerPoint skills
  • You’ll achieve more when you join HSBC.

    http : / / / careers http : / / / careers

    HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment.

    Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

    Issued by The Hongkong and Shanghai Banking Corporation Limited.


    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    通過點擊“繼續”,我允許neuvoo同意處理我的數據並向我發送電子郵件提醒,詳見neuvoo的 隱私政策 。我可以隨時撤回我的同意或退訂。