Oferta pracy

Senior Control Manager, Technology Control, WPB

HSBC Service Delivery (Polska)O firmie

Rekrutacja zdalna

Rekrutacja zdalna

To wyróżnienie ofert oznacza, że cały proces rekrutacyjny jest prowadzony zdalnie. Dowiedz się więcej
Rekrutacja zdalna

HSBC Service Delivery (Polska)

Kapelanka 42

Kraków

Senior Control Manager, Technology Control, WPB

Role Purpose

A key contributor within the Global Chief Control Officer (CCO) Function that directly supports the Group’s Chief Operating Officers (COO) within HSBC, one of the world’s largest banking and financial services organisations. The purpose of the CCO function is to enable our colleagues within HSBC Operations, Services and Technology (HOST) to deliver a safe and secure service to all our customers, colleagues and the Bank itself.

This role will provide expertise in relation to Technology’s management of its control environment within the context of the Operational Risk Management Framework.

The primary objectives of the role is to:

  • Oversee the end to end health of the Wealth and Personal Banking (WPB) IT control environment (WPB product / value streams, CTO function, as well as Cyber, Architecture, and Data)
  • Lead audit (internal and external) and risk related regulatory engagement as the technology controls SME
  • Instigate and manage initiatives to drive improvements to the Technology control environment including the effective design of material controls
  • Partner with the CIO management team to create effective design, analysis and remediation of control measures
  • Provide risk and controls consultancy, advice and guidance to the CIO team
  • Lead the application and critique of the Technology risk and controls framework
  • Ensure the appropriate application of policies control standards and procedures
  • Member of relevant governance forums, Audit and regulatory reviews etc
  • Advocate the desired behavioural changes across the CIO community required to mature the understanding and management of technology risk controls
  • Participate in strategic control framework workstreams.
  • Active collaboration with other CCO Tech team

Principal Accountabilities:

Impact on the Business/Function

CCO Execution

  • Partner with the CIO and their management team providing risk and controls consultancy, advice and guidance
  • Operating as a Subject Matter Expert Role for the Risk Management Framework
  • Work with Technology to support internal and external Audit and risk related regulatory engagement

Control Expertise

  • Influencing, explaining and managing effective design, analysis and remediation of control measures
  • Work with Technology to create an effective design and efficient operation of
  • Accountable for the deployment of the Operational Risk Management Framework
  • Responsible for identifying emerging risks and threats and deficiencies with deployed key controls
  • Opine on control environment, form risk assessments, provide advice on remediation plans

Governance

  • Implement robust governance in relation to risks and ensuring all stakeholders have visibility of key risks and remediation activity
  • Ensure Technology remains within its risk appetite
  • Work with Technology to design and deploy key controls, key control indicators, evidence requirements and tools to ensure control effectiveness
  • Validate control measures include RCA, KRIs, KCIs, control operation, test approaches, reviews, audits, judgment based attestations, supplier audits, sampling of supplier procedures

Customers / Stakeholders

  • Engage the key stakeholders to promote positive behaviour and actively manage risk
  • Work closely with Technology to develop and monitor risk remediation program activities and actions to ensure delivery within acceptable timelines
  • Focusing on Technology top risks and threats, including new/emerging top risks, to ensure they are fully understood and that controls that mitigate these risks (key controls) are effective, efficient and where possible automated, rather than being comprehensive
  • Responsible for embedding risk and control management framework

Leadership & Teamwork

  • Role model a positive internal risk and control culture across Technology teams and shape the climate, tone and environment in which people work
  • Make considered decisions that protect and enhance HSBC values, reputation and business
  • Oversee the execution and remediation of thematic reviews / investigations / compliance reviews in response to internal or external events within Technology

Operational Effectiveness & Control

Apply and critique Risk & Control Framework by:

  • Working with Technology to define and apply Technology Risk & Control standards and processes in order to drive consistency across Technology
  • Partner with Technology to identify, measure, mitigate, monitor and report Technology’s top risks (including new/emerging top risks)

Apply and critique definition and application of policies, control standards and procedures by:

  • Working with Technology to influence definition of policies and control standards
  • Implementing clear policy framework across dispensations and waivers

To innovate and enhance the control framework and contribute towards reduction of findings noted in Audits, Internal Control reviews, 2LoD reviews, etc.

Role Context:

  • Demonstrate a high degree of knowledge across the following frameworks and methodologies covering IT Risk (risk assessment, control frameworks and KCI’s, Issue/Action management), Software Development Lifecycle (Agile, DevOps, Business Transformation Framework, Project Management), and IT Service Management.
  • Advise on new projects and products identifying key potential Risks and make recommendations to address them
  • Knowledge and experience within Retail, Wealth & Private Banking (products, services, infrastructure) helpful but not required.
  • Understand how IT controls and relate to business risk, and how control remediation mitigates residual risks for Wealth and Personal Banking.
  • Ability to drill down to root cause and write/review clearly articulated risk documentation
  • Able to analyze complex situations, influence strategies with practical, effective solutions
  • Understanding of application and technology control design e.g. SOX testing, payments security, PCI etc

Observation of Internal Controls

The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.

The jobholder will implement the Group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply.

This will be achieved by adhering to all relevant processes/procedures and by liaising with Compliance department about new business initiatives at the earliest opportunity. Also and when applicable, by ensuring adequate resources are in place and training is provided, fostering a compliance culture and optimising relations with regulators.

Qualifications/Experience & Knowledge:

  • At least 10 years relevant experience preferably within a IT risk management related role
  • Relevant working experience in Financial Services industry or IT / Risk Consultancy, or Audit
  • Strong knowledge of Non-Financial Risk, more specifically Information, Technology & Cyber
  • Interest or proven experience in Operational Resilience
  • Persistent, resilient, and resourceful; able to adapt to a complex and dynamic organisational environment
  • Open personality with effective communication skills
  • Lead and coordinate with colleagues and key stakeholders in an international team;
  • Effective use of collaboration tools such as Sharepoint, Confluence, JIRA, and OneNote.
  • Knowledge of HSBC corporate systems used by IT risk management, e.g. HELIOS, ARAMIS, EIM, PLADA, COMET, SCOTT would be plus
  • Complete presentations, training and lead workshops
  • Planning and project management skills
  • Ability to work independently with limited supervision
  • Communication - Ability to present complex issues confidently and concisely to Technology and HOST Senior Executives and other key stakeholders using non-technical easily understood language
  • Make considered decisions that protect and enhance HSBC values, reputation and business
  • Degree in information security, computer science or computer engineering qualifications desirable
  • Certifications CISA, CISM, CISSP, CRISC, COBIT or ITIL desirable

We offer:

  • Stable job in professional team
  • Interesting career path in an international organization
  • Private health care, employees’ benefits
  • Courses & training for our employees
  • Modern office buildings near the city center of Kraków
You'll achieve more when you join HSBC.
To apply for this position send your CV in English using „Apply now” button.
We thank all interested candidates for their applications. We reserve the right to contact only selected candidates.
Applications sent to us will be taken into consideration only if they include the following statement:
I hereby declare that I have familiarized myself with the Privacy Statement for Applicants published at http://www.about.hsbc.pl/careers and I hereby give consent for personal data included in my application to be processed for the purposes of recruitment in HSBC Service Delivery (Polska) Sp. z o. o. according to rules described in the Privacy Statement for Applicants, as per the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).”
In case you would like to resign from participation in recruitment process or withdraw previously sent to us application, please email us at: [email protected]

Ogłoszenie archiwalne

Pracodawca zakończył zbieranie zgłoszeń na tę ofertę

Aktualne oferty pracodawcy