Cyber Security Manager
- Permanent contract, full-time
- HSBC Bank plc, Luxembourg Branch
- 18 Oct. 18
HSBC Holdings plc, the parent company of the HSBC Group, is headquartered in London. The Group serves customers worldwide from around 3,900 offices in 67 countries and territories in Europe, Asia, North and Latin America, and the Middle East and North Africa.
With assets of US$2,526bn at 30th September 2017, HSBC is one of the world’s largest banking and financial services organisations.
HSBC provides a comprehensive range of financial services through four global businesses: Retail Banking & Wealth Management; Commercial Banking; Global Banking and Markets; and Global Private Banking.
The HSBC Group in Luxembourg is a significant employer and operates several businesses including asset management, securities services, private banking and corporate banking.
In order to strengthen our IT Security team, we are looking to recruit a:
Cyber Security Manager
Role and Responsibilities:
The Country Lead will have direct Entity and Functional Line Management of in-country Cyber Security and Identity and Access Management (IAM Ops) resources, which serve as a first line of defence function ensuring that HSBC’s electronic assets are monitored, managed, accessed and protected effectively.
Reporting to the local Head of IT, the role covers all entities of HSBC in Luxembourg.
Country level day-to-day IAM and Cyber security activities. Determine risk prioritisation, remediation requirements and overall security posture in line with local regulatory and business requirements. Maintain in-country stakeholder relationships i.e. relevant technology teams, business management, compliance, risk and third party management etc.
The Country Lead is responsible for leading Cyber Security and IAM Ops activities, including but not limited to:
Governance, Risk and Compliance:
- Security Standards & Compliance: Standards awareness, training and methods.
- Governance, Metrics & Reporting: IAM and Cyber security Governance. Security metrics management. Executive reporting.
- Regulatory & 3rd Party Management: Regulatory Governance. Regulatory control mapping and mgt. Regulatory engagement. Regulatory Evidence management. Response to Third Party Questionnaires / Due Diligence.
- Control & Issue Management: Audit & Issue Tracking & Oversight. Control Environment Oversight & Support. Security testing remediation tracking and oversight.
- Cyber Training & Awareness: Cyber Communications Awareness for business and staff. Mandatory training Annual Review. Dedicated training for executives, business and staff.
Technology and Operations:
- Programme Delivery: Implement Cybersecurity transformation projects.
- Data Leakage and Prevention.
- Involvement in the deployment and management of local security tools and IT infrastructure.
- Monitoring and Detection: Maintain visibility across the estate (SIEM). Apply intelligence-led approach to detection of threats. Investigation and analysis of security data. Drive increased quality of alerting (limiting false positives). Manage security matters within defined SLA. Manage control monitoring dashboards.
- Incident Management and Response: Manage and coordinate the communications and engineering response to information security incidents. Maintain management information related to realised incidents, control effectiveness, recommended control adjustments etc.
- Client Engagement and Support: Drives security discussion with internal clients. Responsible for Management Information production and reporting. Programme management office. Drives all agenda items with partner groups and clients.
Identity and Access Management:
- Creation, deletion, modification and password reset of system and application accounts. Request workflow maintenance. Manage requests within defined SLAs.
- Privileged Access Management: On-boarding and maintenance of accounts into a PAM solution. Maintain PA inventory.
- User Access Reviews: Periodic Recertification. Transfer Reviews. Segregation of Duties Review.
- Logging and Monitoring: Maintain visibility across the estate. Investigation and analysis of security events.
Experience and skills required:
• Bachelor Degree or equivalent and/or experience in information security governance and operational processes.
• Relevant experience in Information Security, Risk Management or IT Audit.
• Qualifications (desirable but not essential), one or more of: ISO 27001, CISA, CISM, CISSP, CRISC.
• Ability to quickly develop good working relationships with stakeholders.
• Ability to operate in matrix structures with multiple stakeholders and in a multicultural environment.
• Customer focused, engaged, dependable and motivated.
• Excellent communication and interpersonal skills.
• Fluent in English; French is an asset.
If you want to work in our challenging and multicultural environment and be part of a global team, please send your application letter and curriculum vitae (in English) to: firstname.lastname@example.org
HSBC in Luxembourg strives for true diversity in its workforce and as such we are an equal opportunities employer and positively encourage applications from all suitably qualified candidates.
Please note that due to the volume of applications received, we will acknowledge your application only if we wish to proceed to interview. If you have not received a response within 4 weeks, your application has not been successful.
Please also note that every selected candidate will have to provide us with a valid criminal record check in due time.