GSC: (HTP: Cybersecurity Global Defence) Cybersecurity Head of Proxies and

at  HSBC

SOME CAREERS SHINE BRIGHTER THAN OTHERS.

If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
Your career opportunity
Global Defence Engineering is responsible for fielding solutions that help defend HSBC against a wide range of threats to the business as well as its customers, clients, partners, and staff. The team works in concert, with partner teams across HSBC, to implement novel defensive capabilities that are effective and adaptable against a constantly evolving threat landscape. The function operates under the vision: “Enabling HSBC to be safely successful everywhere the Firm chooses to do business”.
The Head of Proxies and Remote Access is responsible for developing and leading strategies to enhance forward and reverse proxying of network traffic into and out of HSBCs network infrastructure, as well as remote access for colleagues and 3rd parties remotely accessing the HSBC network. The role ensures the implementation and management of comprehensive internet proxy, content filtering, and remote access/B2B VPN solutions, that underpin a number of key cybersecurity controls moving forward. The role will involve significant collaboration throughout HSBC. This position requires strong technical expertise, strategic vision, and strong leadership and communication skills to ensure success.

WHAT YOU’LL DO

• Define and deliver vision, strategy & roadmap of the Capability.
• Prioritise teams’ backlogs based on objectives & value released to identify what teams work on next.
• Lead definition of scope and prioritisation of user stories to be developed in teams, including acceptance criteria/definition of done.
• Lead vendor relationships with owned technologies.
• Interact with stakeholders across the organisation to understand their security needs and expectations.
• Evaluate and adopt new technologies and practices which may impact the control environment.
• Monitor and communicate progress of capability performance through agreed KPIs and metrics.
• Run a Pod per L2 capability with Architecture, Engineering, Service Delivery, Control Owner, Program Manager and Product Management.

WHAT YOU NEED TO HAVE TO SUCCEED IN THIS ROLE

• Strong stakeholder management skills, with experience of understanding and meeting the needs of multiple stakeholders. Demonstrated leadership experience with large, complex programmes, and deeply technical global expert teams. Seasoned technology leader with rich experience of leading engineering teams, supporting a group of platforms / services comprised of a mix of technologies and tools. Ability to influence beyond his/her department and to lead transformation initiatives to change behaviours and mindset which makes the bank better. Experience leading high performing teams of cybersecurity subject matter experts.
• An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner. Proven ability to collaborate across industry, academia, and government to solve complex cybersecurity problems. Experience working in a highly regulated, large multi-national environment.
• Likely from a technology or engineering background with developed understanding of Technology Delivery Lifecycle, engineering practices, underlying infrastructure, tooling, and architecture & design principles. Engineering experience in a large enterprise. A background in information systems, technology, architecture, design, and service delivery of defence-in-depth capabilities.
• Excellent understanding of cybersecurity principles, global financial services business models, as well as regional compliance standards, relevant local regulations, and applicable laws. Understanding and knowledge of common industry cyber security frameworks, standards, and methodologies, including OWASP, ISO2700x series, PCI DSS, GLBA, GDPR, Global data security and privacy acts, FFIEC guidelines, CIS and NIST standards. Strong commercial background and knowledge of cybersecurity offerings.
• Deep SME knowledge of network security, including capabilities aligned typically to firewalls and other networking technologies that control traffic flow by policy.
• Experience working within Cloud, SaaS and emerging cloud use-cases for web/mobile and enterprise companies. Specific background knowledge cloud technologies including Amazon Web Services, Google Cloud Platforms and Microsoft Azure.
• Product owner experience. Experience in a product owner or technology strategy role in a large enterprise. Experienced in owning a capability, technology, or platform together with the responsibilities associated with running a team of up to 20 individuals.