- An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
- An understanding of organisational mission, values and goals and consistent application of this knowledge.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- An ability to perform independent analysis of complex problems and distill relevant findings and root causes.
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.
- A team-focused mentality with the proven ability to work effectively with diverse stakeholders.
- Self-motivation and possession of a high sense of urgency and personal integrity.
- Highest ethical standards and values.
- Excellent understanding of HSBC cyber security principles, global financial services business models, regional compliance regulations and applicable laws.
- Excellent understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
- Experience of 3rd party/peer/regulatory/governmental information sharing and disclosure platforms and/or processes.
- Proven ability and experience of working in a high-pressure, fast-paced environment where bold, time-critical decision making is essential.
- Proven experience in crisis management, crisis response frameworks and communications.
About the role:
The Cybersecurity Incident Management and Response Team is charged with efficiently and effectively handling all information and cybersecurity incidents across the Group on a 24×7 basis.
The lead analyst will have a mission that is critical to the protection of HSBC customers, the HSBC brand, shareholder value as well as HSBC information and financial assets.
- Leading the response to major cyber security incidents across the globe, taking responsibility for the timely mitigation of cyber-threats and where possible, minimising further risk to HSBC’s information assets and services.
- Coordinating the actions of multiple business units during the response to cyber security incidents.
- Providing timely and relevant updates to appropriate stakeholders and decision makers during cyber security incidents.
- Managing the completion of post-incident reviews, assessing the effectiveness of controls, detection and response capability and supporting the required improvements with the responsible owners.
- Cultivating close working relationships with regional Cybersecurity leads, Business Information Risk Officers (BIROs) and Risk Managers whose support and knowledge are vital in delivering the remediation of security incidents.
- Maintaining a strong awareness of technology trends and industry best practice, to enable the provision of informed advice and guidance to HSBC Business functions and HSBC IT.
- Developing, defining, validating and maintaining detailed processes and procedures to allow the consistent management of the response to cyber security incidents.
- Directly contributing to the continued technical enhancement of the security platforms.
- Leading the continued evolution of incident management and response capabilities and processes, including automation and orchestration.
- Training, development and mentoring of other members of the Incident Management and Response team, as well as other members of the Global Cybersecurity Operations function.
- Supporting a “self-critical” culture whereby weaknesses in the bank’s control plane (people, process and technology) are identified, brought to light in an effective manner and addressed.
- Supporting a culture of individual self-improvement whereby staff are expected to maintain subject matter expertise within their area of focus and within the realm of cybersecurity more broadly.
- Supporting engagement of Global Businesses and Functions everywhere HSBC does business that drives a global uplift in cybersecurity awareness, helping to “tell the story” of HSBC Cybersecurity efforts.
- Production of Management Information related to the CSIRT mission that is appropriate to the target audience, supported by data and experienced analysis enabling informed decisions.
Candidate requirements:
- 8+ years of experience in a senior incident management role.
- Extensive experience within an enterprise scale organisation, including hands-on experience of complex data centre environments, preferably in the finance or similarly regulated sector.
- Industry recognised cyber security related certifications including SANS GSEC, GCIH and/or CISSP.
- Formal education and advanced degree in Information Security, Cyber-security, Computer Science or similar and/or commensurate demonstrated work experience in the same.
- Excellent knowledge and demonstrated experience in incident response tools, techniques and process for effective threat containment, mitigation and remediation.
- Good knowledge and demonstrated experience of common cybersecurity technologies such as IDS / IPS / HIPS, Advanced Anti-malware prevention and analysis, Firewalls, Proxies, MSS, etc.
- Good knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suites.
- Good knowledge of common enterprise technology infrastructure, platforms, middleware, databases, applications and tooling, including Windows, Linux, infrastructure management and networking hardware.
- Good knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques and procedures in order to inform adjustments to the control plane.
- Good knowledge and technical experience of 3rd party cloud computing platforms such as AWS, Azure and Google.