Job DescriptionThe health and safety of our employees and candidates is very important to us. Due to the current situation related to the Novel Coronavirus (2019-nCoV), we're leveraging our digital capabilities to ensure we can continue to recruit top talent at HSBC. As your application progresses, you may be asked to use one of our digital tools to help you through your recruitment journey. If so, one of our Resourcing colleagues will explain how our video-interviewing technology will be used throughout the recruitment process and will be on hand to answer any questions you might have.Some careers have more impact than others.
If you're looking for a career where you can make a real impression, join HSBC and discover how valued you'll be. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
HSBC Digital Business Services is a pivotal part of the Group, providing essential operational and technical support to our global businesses and helping improve customer service and efficiency. Digital Business Services combines global expertise and technology to help keep us ahead of the competition.
We are currently seeking a high calibre professional to join our team as a Global Head of Identity and Access Management
HSBC is organized by a number of lines of business and global functions.
Identity and Access Management (IAM), in the first line of defence, serves as the focal point in Cybersecurity for access related activities ensuring that HSBC's electronic based assets are monitored, managed, accessed and protected effectively so that only those people with a legitimate business need can access or modify them, when they need to do so.
Reporting to the Global Head of IAM, the Head of IAM Engineering role covers all aspects of engineering activity within IAM. Working within IAM, the role holder will ensure that the controls implemented must also be monitored for completeness, performance & efficiency.
Responsible for the running of IAM Engineering across all countries in which HSBC operates. IAM Engineering manages and supports the infrastructure software that delivers the staff-facing Identity and Access Management (IAM) controls for the organization. These controls enable, monitor and recertify staff access to workstations, servers and applications, including standard and privileged access. The technology ensures staff have the correct access, and only the correct access, required to perform their duties.
Role ensures the service is world class from an SLA, commercial and regulatory perspective attracting Identity and Access Management engineering professionals to the domain and building on our existing talent. Responsible for the strategy of all IAM Engineering products and the operating model to meet the IAM control demand of all the businesses the department services across all GBGFs.
The job holder will build and develop a global IAM Engineering team to deliver access management including authentication, authorization, monitoring and privileges across all the Bank's system boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks. Driving the ethos and practice that only the business will truly be able to determine the appropriateness of an individual being granted access to their data and therefore a focus will be placed on enabling the business to review and approve access to their data. The job holder will also ensure that all access where possible, must be granted without IT intervention and be centred on a single identity system.Key AccountabilitiesImpact on Business
Customers / StakeholdersCustomer focus:
- Keep building on the talent in the department and create a culture that attracts, retains and nurtures talent
- Establish a clear strategic direction for the services the department operates including business and stakeholder requirements and that aligns to the overall vision and business strategy whilst maintaining P&L targets.
- Clearly communicate objectives and supporting plans to infrastructure teams and our businesses.
- Manage all service and SLAs offered to the business, ensure these are declared in a clear and concise service catalogue, measured and reported.
- Manage all service risk and security requirements, escalating where there are gaps and delivering tactical and strategic remediation plans.
- Provide steerage for incident escalation, directing resource and escalation as required.
- Build best practice for software development and continual improvement processes
- Deliver process improvement and automation through constant review both internally and best practice in the market.
- Represent the service to the business risk and compliance contacts.
- Work with external partners who provide maintenance service to the department for all products, establishing and maintaining effective governance to ensure contractual commitments are met.
- Work with internal functions to ensure the procurement of product that serves the business is at industry leading price point with effective contracts.
- Work with internal finance function to manage profit & loss, headcount, capital expenditures and operating expenditures for the domain. Identify opportunities to reduce direct expense on a sustainable basis.
- Work with the practice leads in collaboration to ensure the practice definition and associated standards meet real world demands.
- Work with Cloud domain and help to build effective technologies to deliver on cloud first strategy.
- Be accountable to the regulators for data platform services and ensure cybersecurity protection is delivered and maintained.
- Ensure the technology deployed is being used appropriately and effectively and delivering effective management information to the business lines to show utilisation and cost save opportunities.
- Work with the business lines to demonstrate how to optimise database usage in a cost effective manner.
- Maintain a book of work for engineering that delivers customer needs on time and to budget.
- Provide thought leadership on IAM Technology strategy and engineering
- Maintain the evergreening of the estate including patching within corporate guidelines.
- Engage with SOx IT Controls, Internal Audit and PWC to ensure compliance of the IAM controls to agreed policy
Strengthening stakeholder relationships:
- Lead a customer-centered culture, championing activities encouraging outstanding customer advocacy. Proactively seek opportunities to utilize IT services to improve business operations.
Understanding markets and customers:
- Work in partnership with the Practice leads and practice heads to ensure all standards meet the needs of the department and initiate change to adopt them where required.
- Work with GB/GF Heads of IT to represent the department, its values and technologies. Ensure their services, cost optimisation opportunities, and business needs are met.
- Build strong relationships with procurement, legal and cost management to ensure the procurement of service meets the needs of HSBC and the domain customers
- Delivery of value for the organisation and compliance across the full set of IAM controls
- Work with other department heads on cross functional initiatives that deliver value to the end consumer, be open and transparent and work as a team.
- Build strong relationships with architecture on any strategic initiatives and deliver a strong strategy for the department that works with the other areas of infrastructure, and takes into consideration smaller region needs.
- Enhance key relationships, using rapport-building expertise and appropriate influencing to add value beyond the initial scope, increasing stakeholder advocacy. Maintain key relationships to include external account managers for third party suppliers and vendors, along with other counterparts across the globe and supporting functions
- Accountable for managing key supplier relationships related to the department.
Leadership & Teamwork
- Cultivate strong relationships within the organisation and high value stakeholders with a tailored approach.
- Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets.
- Manage department relevant sub-set of jobs within global job catalogue.
- Continual improvement of key process and controls to deliver simpler, better and faster.
- Bring together all functions in department creating a team ethic and ethos meeting and/or exceeding the core behaviour expectations of HSBC.
- Manage a central and globally deployed team of experts to support all businesses.
- Define learning & development plans for all talent building a strong talent base of resources provide support on defining the standards of pay and reward.
- Responsible for defining domain wide OKRs.
- Building a robust executable technology and people strategy for the department by collaborating across customers, architecture, risk, Practice heads, Cybersecurity and other technology leaders.
- Build a strong team ethos and collaboration across the GB/GF Practice teams.
- Ensure a build once deploy many ethos from engineering maintaining strong measureable standards that meet the needs of customers, Cybersecurity and other technology leaders.
Operational Effectiveness & Control
- Ensure SLAs are defined in a service catalogue, measured, met and reported on to the business in a clear and transparent way.
- Introduce effective measures and continuous improvements objectives to manage the operation of the department consistently across the group.
- Ensure the FIM control standards are reflective of the domain, met or exceeded, be able to demonstrate compliance.
- Manage operational risk effectively, reporting on areas of concern in line with corporate values. Remediation plans are realistic, funded and met.
- By building effective governance ensure partner organisations deliver or exceed SLA and service expectations, delivering against expectations and contractual commitments.
- Meet budget and headcount expectations and deliver on all key programs meeting quality, time and cost objectives realising benefits.
Management of Risk
- Budget. Directs the prioritisation of spend, ensuring value for money, balancing cost vs benefit
- Internal and external relationships. Global responsibility for a significant part of one of IAM functions.
- People. Functional responsibility for people, expense, strategy and operation.
- Regulatory. Develops procedures and policy in the context of IT frameworks. Collaborate with Regional peers to ensure compliance and adherence to regulations and policy
- Strategic Input. As strategies evolve for IT and Cybersecurity and for the Sub-Function, ensure they remain congruent with each other and the Bank's strategy. Manage challenges where 3rd parties (internal and external) goals and strategies are not entirely aligned, seizing the opportunities these differences present.
Observation of Internal Controls
- The jobholder will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.
- The jobholder will also continually reassess the operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
- This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with the Head of IAM.
- Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
- The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.
- This will be achieved by adhering to all relevant processes/procedures and by liaising with Compliance department about new business initiatives at the earliest opportunity. Also and when applicable, by ensuring adequate resources are in place and training is provided, fostering a compliance culture and optimising relations with regulators.
- Managing a global team sourced from the main regions and technology centres
- Responsible for more than 50 IT Services many of which are global implementations supporting the whole of the organization and a mix of tier 0, 1 and 2
- Providing 24x7 and follow-the sun support for the critical systems
- Developing the IAM technology strategy jointly with Cybersecurity Architecture
- Turning the strategy into reality through adequate planning and focus
- Ensuring clear line-of-sight for the Bank's IAM Controls between requirements
- Effectively engaging with all GBGFs through an efficient and transparent engagement model
- Providing training, career progression and succession planning across all the key roles in the platform
- Understanding best practices and technology developments as they pertain to IAM engineering technology
- Working with relevant vendors on roadmaps and new product features
- Managing the RTB and CTB delivery priorities in an effective and cost controlled manner
- Internal relationships extend to peers across other functions within ITID, Cybersecurity, Operational Resilience Risk, DBS and externally to HSBC global businesses, and will also include external relationships with vendors, typically Audit Legal, and Technology where the need arises.
- Regulatory. Drives Implementation, Governs Risk Responsibly, Promotes ethical management of risks, communicates changes in policy and governance effectively, Ensures in country regulatory processes and procedures are adhered to.
- Strategic Input. Monitoring the Strategy.
QualificationsKnowledge and Experience
You'll achieve more when you join HSBC.
- Typically educated to degree level
- Experience in a managerial role within an IT/Cybersecurity or related field, including experience of managing a global function with a geographically dispersed team
- Ability to build strong relationships and communicate with a wide spectrum of stakeholders
- Excellent knowledge of the project lifecycle
- Understanding of business finance and experience of effective managements of budgets and expenditure
- Comprehensive understanding of positioning Bank approach and policy in context of wider industry trends and direction
HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
Issued by The Hongkong and Shanghai Banking Corporation Limited.