Business: Risk and Compliance Assurance Services (RCAS)
Open positions: 1
Role Title: Manager, ITCS, Controls Assurance, RCAS, GSC’s
Global Career Band: 6
Location: Bangalore/Pune
Recruiter Name: Geetika Gupta

Why join us?

The Group’s Risk Management Framework (RMF) requires independent Second Line Assurance of the management of material risks and controls across HSBC’s non-financial and financial risk taxonomies. The RCAS function provides a significant proportion of this assurance. Via its industry-leading centres of excellence, RCAS delivers innovative assurance solutions for and on behalf of HSBC’s Risk Stewards and peer assurance teams.

Controls Assurance (CA) reports into RCAS and is responsible for assuring the risk management of critical business processes and specified non-financial and financial risks across the Group, principally by testing mitigating controls. This is achieved by building out a centralised offshore capability that will deliver agile, insightful, and cost-efficient assurance. CA also provides a resource augmentation service to other assurance teams within the Bank, becoming a vehicle to effectively manage assurance costs and resources. Also, CA works together with the RCAS Automation and Analytics team to develop, test and deploy their Continuous Assurance objectives.

CA provides assurance across various Non-Financial and Financial Risks within all HSBC territories and divisions. These include, to differing extents, Operational and Resilience Risk (ORR), Model Risk, Wholesale Credit Risk (WCR), Retail Credit Risk (RCR), Insurance Risk, Financial Crime Risk (FCR) and Regulatory Compliance (RC) Risk.
Specifically, CA has a mandate to provide the following key assurance services:

- Process-led assurance – assuring the design, operation, recording and monitoring of key controls and expected risk management outcomes within agreed critical business services across the Group
- Risk-based cyclical assurance – assuring the above for specific risk taxonomies
- Entity Control assurance – assuring the design, operation, recording and monitoring of key controls designated by entity-level reporting frameworks across the Group (e.g., SOX, ELCs)
- Resource augmentation – Temporarily providing staff to non-RCAS assurance teams to support their assurance activities
- Work in alignment to the Integrated Assurance Framework (IAF)

CA is principally comprised of Control Testing Utilities (CTUs) executing this assurance work. These CTUs are principally based in Global Service Centres within India, China and Poland, and are staffed with assurance specialists with expertise across the range of risks being covered.

This role will report into the VP / AVP, TCSD, Controls Assurance, RCAS (GSC Country location name) and will be responsible for delivering assessments of key control activities of Technology, Cyber Security and Data (TCSD) risks within ORR, in accordance with CA procedures and the assessment plan. The role holder will be required to support the VP, TCSD (GSC Country Location Name) in leading or working with a team to assess the effectiveness of controls relating to the TCSD risks and identifying and raising issues where control gaps lead to material unaddressed risks.

At a high level, the role holder will be responsible for the following:

- Evaluate a portfolio of controls for design effectiveness, operating effectiveness and/or risk management outcomes, raising issues as appropriate.
- Customise and localise standard test scripts and then evaluate assigned controls for design and operating effectiveness, raise issues as appropriate.
- Ensure that assigned control assessments are accurate, effective, abide by CA and RCAS methodology, procedures, and templates, and meet quality control requirements and are delivered on time, in accordance with the CA assessment plan.
- Supervise the delivery of assigned control assessments not limited to System Architecture, Operating Systems, Databases, Networks, Security Systems, Cloud Services, Asset Inventories, Change Management, Incident Management, Recovery Management, Software Development Lifecycle (SDLC), and other general controls; using experience and knowledge to intervene and redirect testing as required, resolving, or redirecting escalations as required.
- Manage control owners and other stakeholders, ensuring the success of each assigned review, minimising contention where possible and requesting support, where deemed necessary.
- Manage the documentation of distinct control types, covering key aspects, such as remit, main processes, and handovers to other teams.
- Apply judgement and risk management concepts to identify, formulate findings and provide valuable insights to the TCSD control owners to improve processes and manage risks to achieving operational and strategic goals.
- Ensure that issue owners complete sufficient root cause analysis for all material issues and have appropriate remediation plans in place.
- Support the Head of Control Assurance (GSC Country Location Name) in fulfilling CA responsibilities as required, including budget management, resourcing, and feeding into the development of procedures and templates.

What you’ll do:

Principal Accountabilities: Key activities and decision-making areas

Impact on the Business

- Ensure the accurate, efficient, and timely completion of independent control assessments for controls associated with TCSD risks as required by the function.
- Ensure the quality of work delivered is up-to-standard and ensure compliance with CA and RCAS templates, procedures, and quality requirements.
- Understand and document the remit, process composition and team handovers of relevant controls.
- Identify key emerging trends and themes in relation to assigned and relevant risks to inform the CA assessment plan and the continuous development of CA & RCAS methodology and procedures.

Typical Targets and Measures

- Execution and delivery of a portfolio of control assessments.
- Accurate, timely and reliable testing of controls associated with TCSD risks.
- Ensure a consistent approach to CA testing activities across all LoBs for TCSD risk themes outlined by the function, in accordance with standardised procedures.
- Meeting agreed regulatory deadlines and targets.
- Support the production of high-quality management information (MI) covering CA activities.
- Increased utilisation of automation and analytics across all CA assessments.

Customers / Stakeholders

- Work closely with first line operations teams to understand the processes of assigned controls.
- Build strong relationships with all internal stakeholders, adopting a joined-up approach to the execution of tasks with minimum conflict, while ensuring the independence of CA.
- Ensure that executive and senior management in the business, function and Compliance are advised of matters arising, and emerging trends, from assurance reviews and analysis.
- Provide stakeholders with insight into CA activities, where required and support the VP / AVP in aligning standards with the Integrated Assurance Framework.

Typical Targets and Measures

- Effective stakeholder management, ensuring constructive assessment outcomes.
- Facilitate regular meetings with stakeholders and senior management.
- Outputs (presentation decks, papers, reports, and guidance for the function) are clear, accurate and concise.

Leadership & Teamwork

- Work as part of a team, able to collaborate to accomplish common goals.
- Perform assigned control assessments, taking responsibility for their successful delivery.
- Operate to a high standard, in alignment with HSBC Values, leading by personal behaviour and through your interaction with others.
- Embrace the high-performance culture through proactive engagement and collaboration.
- Communicate effectively across CA, delivering testing results and raising issues as appropriate.

Typical Targets and Measures

- Drive a high-performance culture through attendance at team meetings and 1:1s with line manager.
- Maintain personal objectives set consistently across day-to-day activities.
- Share best practices and highlight issues across the TCSD risks within ORR, and other relevant functions, as appropriate.

Operating Effectiveness & Control

- Able to work independently with minimal supervision.
- Provide support in developing CA procedures and templates, in collaboration with Controls Assurance Coordinator (CAC), Professional Practices (PP), Automation and Analytics and relevant SMEs, ensuring high operating standards within the division.
- Provide support on any ad-hoc projects and assessments as requested by the VP/AVP.
- Drive high operational standards within the team and avoid high risk findings from Internal Audit or other internal/external Assurance teams.
- Be innovative in executing all responsibilities and providing solutions to complex issues in a dynamic, high-risk environment.

Typical Targets and Measures

- Observation of line manager and feedback from key stakeholders.
- No high-risk issues from Internal Audit reviews directly relating to CA.
- Delivery of assurance activities as per the agreed plan and procedure requirement.

Major Challenges

- Assist CTU in delivery of high-quality controls assessment in a designated timeframe.
- Understand the underlying risk types mitigated by each assigned control, identify control gaps through operating effectiveness testing and raise issues as appropriate.
- Determine innovative ways of testing controls in a precise and efficient manner, harnessing analysis of data where possible.
- Be attuned to the political, management, operational, regulatory, and reputational implications of particular decisions and courses of action.
- Assist management in development of controls and systems and influencing the way in which business is conducted in order to manage these risks.
- Managing the demands of the multiple and diverse aspects of the role.

Role Context

The role holder will require specialism in managing and/or assuring TCSD risks and controls, across the following activities (with specialism in many being advantageous).

IT Asset & Inventory Management Architecture Management Change Management Deployment Management System Data Integrity Software Development Lifecycle Security Awareness & Training IT Protective Security Technology Network Resilience Network Security Data Asset Protection Data Security IT Operations Management Logging, Monitoring, and Alerting Security Assurance Cyber Event Detection Vulnerability Management IT Service Continuity Management Incident Response and Recovery Identity & Access Management

The role holder will be required to lead on a portfolio of CA control assessments, potentially covering all business lines, functions, and geographies.

The role holder will support the VP TCSD / Head of the CA in ensuring that the CA assessment plan is executed as assigned, meeting HSBC risk management requirements and regulatory expectations, providing risk stewards, control owners and senior management with up-to-date information regarding standards of compliance with financial crime and regulatory compliance rules within the organisation.

The role holder is required to work with considerable autonomy, dealing with issues for which there is no obvious solution while still being able to provide judgment and clear direction.

The role holder is responsible for ensuring that the assurance standards in the division are in accordance with the CA guidance, Group Standards Manual and Functional Instruction Manual (FIM).
Management of Risk (Operational Risk / FIM requirements)

- Be acutely aware of the operational risks associated with business activities, considering changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
- The role holder is responsible for ensuring that they and any others they supervise operate in accordance with CA standards.

Observation of Internal Controls

- Maintains HSBC internal control standards, including timely implementation of internal and external audit actions together with any issues raised by external regulators.
- To assist in the discharge of accountabilities set out in the relevant FIMs by proactively assisting Risk Stewards and Control Owners in their responsibilities.

Requirements

What you will need to succeed in the role:

- Minimum of 2 years proven experience in Assurance, Testing, Audit, or consulting roles for IT / Cyber / Data either in second or third line of defence capacity.
- Experience in auditing / testing operating systems, databases, networks, security systems, cloud services and other general controls; Change Management, Incident Management, Recovery Management and SDLC.
- Experience in IT control frameworks (COBIT, NIST CSF, ISO 27001, ITIL). Ability to lead and individually contribute to assurance reviews to measure the bank's technology and cybersecurity controls against these framework requirements as applicable.
- Minimum Bachelor’s degree in related field and /or professional Certifications related to Technology/Cybersecurity Risk (e.g., CRISC, CGEIT, CISA, CISM, CISSP).
- Proven organisational, planning, interpersonal, managerial, analytical, problem-solving, decision-making, and team building skills.
- Ability to exercise discretion, work independently within broad guidelines, tactfully handle sensitive and confidential data and complete assignments timely with a professionally inquisitive adaptable and innovative mindset.
- Ability to manage conflicting priorities effectively and proven ability to meet challenging deadlines.
- Experience working with local and regional stakeholders and an understanding of global standards of quality and the ability to work with different cultural groups and build consensus and rapport.
- Experience utilising data analytics tools and techniques (desirable).
- Requires understanding of the changing regulatory landscape regarding TCSD functions within the banking industry.
- Fluent in both oral and written English.

You’ll achieve more at HSBC

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working, and opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc. We consider all applications based on merit and suitability to the role.

Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Issued By HSBC Electronic Data Processing (India) Private LTD