Designation : IT Security Analyst/Compliance Analyst
Location : Hyderabad
GCB : 6
Job Purpose (overall high level summary of the role)
The key objective of this role is to ensure that consistent, accurate information relating to Cybersecurity controls and activities is provided in response to Regulatory/Third Party exams, audit assessments and due diligence questionnaires. The scope covers Financial Service Regulators, Payment Regulators and Third Party partners, and is global in nature.
Reports to the Head of Cybersecurity Regulatory and 3rd Party Management
Principal Accountabilities: key activities and decision making areas
Typical Targets and Measures
Manage all enquiries and engagements via Archer, perform triage activities and ensure all necessary documentation is received in order to progress
Complete client due diligence assessments and contribute to RFPs for prospects, through effective response management
Understand & communicate Cybersecurity Control framework
Administration of the GRC tool, including access management and ensuring information is kept up to date
Access management and information sharing for the workflow management tool
Ensure applicable stakeholder feedback is incorporated into the standard regulatory responses
Maintenance of process documentation and service guides to enable consistency of response across GB / GF / Regions following control changes and new or changed regulation
At least annually, or as needed, review the standard regulatory response handbook and revise / modify as the technology / regulatory environment and landscape change
QA checking on information held in the GRC tool
Collate and securely store materials from previous regulatory engagements to support future submissions
Provide general templates and standards for providing information to regulators in already established formats.
Manage central mailbox for receiving queries/requests from other GB / GF / Regional teams.
Create, maintain and share metrics as part of weekly dashboards with EXCO and CIO
Assist Manager, Cybersecurity Regulatory, Third Party & Control Management as required
Analyse results from engagements and new mapping - provide interpretation/recommendations to GB/GF/Regional contacts
Provide output from the workflow management tool to the Regional representatives
Adherence to regulatory deadlines
Service provided within internal deadlines
Timely provision of reports
Continual improvement of Reg Engagement process
Evidence of escalation of deficiencies to Governance committees, as appropriate
Impact on the Business/Function
Provide guidance and opinion on the appropriateness of i) evidence provided to the Regulator and ii) cybersecurity controls when demonstrating compliance with regulations
Provide evidence of compliance with cybersecurity regulatory requirements
Share Evidence Library with Cybersecurity colleagues globally to drive consistency of cybersecurity information shared with Regulators
Engagement with stakeholders to understand impact across all Three Lines of Defence of gaps in cybersecurity regulatory compliance
Representing Cybersecurity Regulatory Management in various forums/project WGs
Ensuring all stakeholders understand level of controls compliance and are able to articulate this to the Regulator
Effectively engages customers, colleagues and stakeholders to build a trust-based relationship and deliver a connected service.
Measures the value-added insight delivered to stakeholders.
Handles disagreement or objections with stakeholders constructively and confidently.
Customers / Stakeholders
Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets.
Influences and engages effectively across a range of audiences
Engages effectively with customers/stakeholders at all levels
Builds and maintains effective working relationships
Manages a diverse set of stakeholders across the three lines of defence in order to achieve the overarching objectives, including:
Information Security and Risk
Audit and Compliance
Leadership & Teamwork
Work together with subject matter experts from Cybersecurity and ISR, to develop appropriate regulatory responses
Provide advice on levels of compliance with global cyber security regulations
Contribute to team development, effectiveness and success by sharing knowledge and good practice, working collaboratively with others to create a productive, diverse and supportive work environment
Take personal responsibility for understanding and agreeing performance expectations, completing the necessary mandatory training and developing the levels of capability and competence needed to be effective in the role.
Management of Risk (Operational Risk / FIM requirements)
The jobholder will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.
The jobholder will also continually reassess the Cybersecurity and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring, and by addressing any areas of concern in conjunction with entity management and/or the appropriate department.
Observation of Internal Controls (Compliance Policy / FIM requirements)
Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified Cybersecurity risks.
The jobholder will implement the group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply.
This will be achieved by adhering to all relevant processes/procedures, by liaising with the compliance department about new business initiatives at the earliest opportunity and, where applicable, by ensuring adequate resources.
Certifications, Qualifications & Experience (For the Job – not the Job holder. Minimum requirements of the Job)
Excellent understanding of Cybersecurity Control framework
Familiarity with Information Security standards, policies and key cyber regulations
Ability to make logical tactical decisions
Excellent communication and interpersonal skills with the ability to articulate clear and concise messages to internal and external stakeholders
Excellent stakeholder management skills with a proven ability to build and maintain strong relationships and communicate on complex issues with a wide spectrum of stakeholders.
Technical Skills - Cyber Security
ELIGIBILITY CRITERIA -
1. All applicants must have successfully completed 12 months in current role/Project/Department.
2. Applicant should not be on a corrective action plan/ disciplinary action in the last 6 months or any other performance action as on the date of application.
3. All applicants should inform their respective Line Managers of their application.
4. The Company reserves the right to change any terms and conditions related to employment mentioned in the Offer Letter and in the Rules and Regulations governing the conduct of the employee in the Company. Such changes will be communicated by the Company through an internal communication to employees at large.
5. Right to work is required. Local employment rulings and restrictions will apply.
***Issued By HSBC Software Development (India) Pvt Ltd***