Director, Cyber Security - Remote, United States - TEKsystems

Description

Description:

The US Senior Cyber Lead is responsible for supporting the Regional Information Security Officer (RISO) in providing regional input into and executing the Group Information Security and Cybersecurity strategy across the designated Region. The key responsibilities include managing Governance & Reporting, Information Security Risk and Remediation, Secure Business Transformation, Compliance to local legal entity regulations and reporting the cyber risk posture to the regional legal entity boards, senior management and risk management forums.

The role requires the ability to translate highly technical Cybersecurity concepts into consumable language, in order to support the RISO to drive continuous assessment and improvement of cybersecurity and information security risk in line with risk appetites and a constantly evolving cyber-threat landscape. The role is expected to support the execution of the global Cybersecurity strategy through a series of run-the-bank programs within their respective Region and through coordination with the central Cybersecurity functions in execution of change-the-bank programs.

This role holder will collaborate with other cybersecurity team members within the region, work in partnership with the central functions of Group Cybersecurity, the virtual team (PODs), technology teams, information security control owners, non-cyber control owners and the regional/ business Chief Controls Office to achieve their goals.

Primary Responsibilities

Scope of Coverage

The US Senior Cyber lead is part of the 1LOD (1st line of defense), in the designated Region, to define and implement an industry-leading Cybersecurity Service that supersedes the Bank's constantly changing information security threats. In addition, the role is a key point of contact for managing Information and Cybersecurity risks and controls (including cyber owned and non-cyber owned controls), relating to their governance, operation, monitoring and reporting.

The role reports into the RISO of the respective region, which in turn reports to the Global Head of Cybersecurity Business Enablement.

Governance & Reporting

Support the RISO with Information Security monitoring and risk reporting for the respective Regions/ Country, ensuring all Cybersecurity related activities within the allocated area are shared with the RISO in a timely manner.

Support the COO, CIO and the Heads of Technology functions in the respective Region/ Country in the management of information security risks and the maintenance of an effective and robust information and cybersecurity control environment.

Leverage the global reporting capabilities (augmented to meet specific local requirements) to provide monthly updates to drive Cybersecurity control improvement initiatives.

Own all Cybersecurity related activities for respective Region/ Country regardless of which organization delivers that security service.

Work closely with the RISO to ensure all Region/ Country requirements are provided to the Group cybersecurity team in order to drive prioritization and scope definition for these capabilities and programmers.

Track and report on business-critical Cybersecurity strategic transformation programs.

Support the RISO in representing Cybersecurity in relevant management and governance forums, Risk Management Meeting (RMM), IT Control Environment Management Meeting (CEMM), Cyber Security CEMM, Info Security Risk Working and Steering Group, Audit and Risk Committee.

Align with existing governance structure and drive improvement for the effective management of information security and cybersecurity controls (both cyber owned and non-cyber owned) for the respective Region/ Country.

Support the RISO to deliver the Global Cybersecurity strategy for respective Region/ Country following the Group Strategy with local requirements supported.

Support the RISO to build and manage local plans and budgets which identify value and cost reduction opportunities.

Promote Cybersecurity awareness and clear reporting of Region/ Country initiatives, threat intelligence, etc. to improve the overall perception of Cybersecurity as an enabler for business.

Information Security Risk Management & Remediation

Responsible for understanding the risk in the respective Region/ Country. Understand the Region/ Country's critical assets, identify threats/ vulnerabilities and determine corresponding information security risk levels based on globally established control requirements and augmented by local or jurisdictional requirements.

Work collaboratively with the RISO to drive and support the information security and cybersecurity risk management and remediation activities for the respective Region/ Country. Align with CCO, 2nd line, CTO, and local CIO teams to ensure security is developed by design and work to remediate issues identified, in a timely manner.

Ensure all remediation actions are completed within agreed timelines and work with the appropriate stakeholders within the respective Region/ Country to ensure adequate level of support and commitment is available to drive remediation.

Help management in the business and technology teams to understand the risk they are making a decision on or accepting while performing business. Ensure risk sits within defined appetite and ensure that this is cascaded up the RISO in a timely manner.

Incident Management

Work with stakeholders in respective Region/ Country to support the resolution / remediation of all major cybersecurity incidents.

In partnership with GCO, support the RISO in providing incident support and management in respective Region/ Country.

Assess the impact of major incidents on respective Region/ Country; work with the RISO and the Global Cybersecurity service lines on action plans to minimize impact.

Work with the RISO and peers to meet common Region/ Country goals, linked to the risk framework operational risk simulations, MIG exercises, cyber-enabled fraud collaboration, data security reporting, exceptional access and risk reviews of regional business initiatives.

1LOD teams: ITID, Architecture, Business Continuity Management, Regional Fraud/Insider Risk Management teams and Business Information Risk Officers

2LOD teams: Resilience Risk Stewards, Data Privacy Officers, Regulatory compliance.

Skills:

Cyber security, Information security, Cissp certification, risk management, IAM, TVM, Security Operations, Security Architecture., incident response, vulnerability, security

Top Skills Details:

Cyber security,Information security,Cissp certification,risk management,IAM,TVM,Security Operations,Security Architecture.

Additional Skills & Qualifications:

Secure Business Transformation-

Partner with the business to help them achieve their strategic objectives by ensuring that cybersecurity services provided are fit for purpose. Understand business/ regional/ country strategies and requirements and ensure business requirements are incorporated within the cyber global investment/ transformation program.

Enable secure business transformation, including support of business led projects, divestitures, mergers and acquisitions within the respective Region/ Country as applicable while ensuring that new capabilities and entities are setup securely and adopted efficiently in the respective Region

Ensure adherence to cybersecurity controls and enable/ facilitate access to existing cybersecurity services to support the business strategy.

Determine and drive the respective requirements to be addressed by the local team members from the global security capabilities/services or central cybersecurity functions.

Support the RISO to oversee the implementation and gap assessments of global, regional and local initiatives for respective Region/ Country

Regulatory Compliance and Industry and Customer Engagement

Support the RISO to drive the management and reporting of regulatory compliance requirement for cybersecurity and information security controls in the respective region/ country by collaborating with Cybersecurity central functions.

Build and maintain strong relationships with relevant regional/ country associations, government agencies, forums etc. to represent HSBC's strategic direction with regard to legal and regulatory requirements.

Ensure adherence to the three lines of defense organizational model with clear lines of responsibility, accountability and segregation of duties.

Support the RISO in ensuring compliance with internal audit and external regulators that any organizational changes are fit-for-purpose and meet their expectations.

Face off to the region/ country's legal entities for regulatory, au

Experience Level:

Expert Level

About TEKsystems:

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.