Make the Right Move and join a winning team! Build your career with us. HSBC - North America is part of HSBC Group, one of the largest banking and financial services organizations in the world. Our domestic strength and extensive global network provide our employees with the best of both worlds - the friendliness of a local organization and the resources of a worldwide network - for diverse experiences and challenging career opportunities.



As Senior Consultant Information Security, you will lead, develop, organize, manage and report on Sarbanes-Oxley (SOX) controls, testing and remediation for HSBC Technology and Services - IT Security owned controls. Develop and execute plans to ensure IT Security ownership of and compliance with controls outlined by HSBC Group. Manage work effort to determine compliance and deliver evidentiary documentation. Act as an internal advisor on compensating controls. Broker clearly defined ownership of controls. Provide consultation as a subject matter expert to technology and business teams.



Contribute, as a project team member, to the execution of the information security risk assessment framework. Responsible for the role as Information Security’s SOX Coordinator. Lead annual review and continuous development of comprehensive information security operational risks, including internal NAIS team engagement and awareness, department lead/liaison to corporate testers, auditors, SOX committee and development of testing schedules and organizing internal resources to meet schedule dates for both new in-scope control tests and second generation control testing. Organization of evidentiary information for the purpose of re-use and consultation with other HSTU teams with responsibility for security controls. Training for internal NAIS team SOX and responsible for providing consultation to internal NAIS team on identification and execution of remediation plans. Development and maintenance of processing documentation and management reporting.



Complete implementation of Archer tool for SOX and improve awareness and understanding of security risks within the HBUS and HBIO businesses by providing training and consultation to Information Security personnel and BISO (Business Information Security Officer) Program personnel for recognition of risks and recommendations on action plans. Develop and execute schedules for routine updates to ensure timely knowledge of, remediation of and, where necessary, escalation/notification of risks. Work with and support adherence to regulatory and compliance issues/concerns by ensuring topics are addressed properly.



Backup for North America Information Security audit and operational risk processes. Identify opportunities to create new/update existing information security standards as required. Contribute to HSBC board level reporting on security risk topics. Participate in other administrative functions in support of Management. Provide backup support for IT Security standards dispensation. Monitor the status of information security through participation in security reviews and risk assessments. Identify security exposures, recommend corrective action and propose data security enhancements.



Contribute, as a project team member, to the execution of the information security risk assessment framework. Ensure compliance monitoring and internal controls are in place, including processes for management of operational risk, in accordance with HSBC and regulatory standards. Contribute to the positive working relationships with Technology Risk Management and Technology Compliance.

Experience:

  • Will be required to travel 5-15% of the time
  • Provides after-hour and weekend support as required
  • Strong working knowledge of Sarbanes-Oxley Act
  • Familiarity with operations risk and knowledge of the GORDON database (Group Operational Risk data repository)
  • Strong working knowledge of HSBC audit concepts, information/IT Security functions and responsibilities
  • Knowledge of ISO 17799, FFIEC guidance on information security and Gramm-Leach-Bliley Act
  • Awareness of risk assessment and management processes
  • Interaction with Compliance, Internal Audit, External Audit and Regulatory teams
  • Bachelor’s degree in business, risk management, management information systems, related technical field or equivalent professional level of knowledge and experience
  • Eight to ten years progressive technology, security and/or risk management experience
  • Minimum three years in information security
  • Strong demonstrated understanding of security principles, policies, and industry best practices
  • Security certification and/or project management certification is a plus
  • Excellent written communication skills using Word, Excel and PowerPoint
  • Excellent verbal communication and presentation skills
  • Strong project management, communications, technical planning, people and team management skills, particularly with project and cross-functional teams
  • Demonstrated ability to think quickly and take risks commensurate with responsibility
  • Ability to work with all levels of management and technical support to further the goals of the department
  • Expertise in negotiation skills, active listening, and building relationships
  • Experience working in a high-pressure environment
  • Ability to translate directions into actionable plans delivered on time and within budget
  • Ability to learn quickly and implement new technologies in a rapid, demanding, and changing environment, establishing realistic yet aggressive timeframes
  • Able to work with unproven/challenging new concepts
  • Desire to learn new and different approaches
  • Must possess a "can do" attitude, positive thinker

    HSBC Compensation
    HSBC is a pay for performance company with policies and programs designed to ensure all employees receive fair and equitable compensation based on performance. Our compensation program is designed to attract, motivat