Department and Function Background
Operating within the Global Cybersecurity function and under the management of the Global Head of Cybersecurity Operations & Intelligence, the Global Cybersecurity Operations & Intelligence (GCO&I) team provides a coordinated suite of cyber-threat defence services and is responsible for the monitoring and detection of, and response to, cybersecurity threats across the global HSBC technology estate.
The GCO&I team is split into five distinct sub-functions:
- Monitoring & Threat Detection (M&TD) – Monitoring, detection, alerting and triage of initial cyber-threat events.
- Incident Management & Response (IM&R) – Management and deep-dive investigation and response to cyber-incidents.
- Information Protection & Response (IPR) – Management and response to cyber-related data protection incidents.
- Cyber Intelligence & Threat Analysis (CITA) – Collection, curation and production of actionable cyber-threat intelligence.
- Sustainable Cybersecurity Operations (SCO) – Consisting of three sub-function teams focussed on the continuous improvement of the Cybersecurity Operations and Security Operations Centre (SOC), technology integrations and capability enhancements.
Critical to the success of GCO&I are close partnerships with the wider Cybersecurity teams, technical infrastructure support teams and the internal HSBC stakeholders across the global businesses and functions.
Role Description – Lead Cybersecurity Operations Integration Analyst
Reporting directly into the Head of Cybersecurity Operations Integration, the Lead Cybersecurity Operations Integration Analyst is a technical subject matter expert (SME) within a small team tasked with the onboarding of new technologies, business services logging feeds and cybersecurity tooling into the Global Cybersecurity Operations Security Operations Centre (SOC).
The role holder will be a key technical and engagement lead, tasked with achieving the desired outcomes via proactive and collaborative stakeholder engagements across the technology landscape. Working closely with the technology owners and the SOC Monitoring & Threat Detection and Incident Response teams, the role holder will continuously review and manage onboarding requests to ensure a cyber-threat intelligence led approach to the prioritisation of engagements.
This is a key role that underpins the foundational capabilities that support the Global Cybersecurity Operations & Intelligence mission to respond to cyber-threats against HSBC rapidly, effectively and consistently.
The Lead Cybersecurity Operations Integration Analyst is accountable for:
- Supporting the technical development, implementation and maintenance of a technology and log ingestion framework that aligns to control requirements and supports a cyber-threat intelligence led approach to the detection, response and containment of cyber-threats.
- Supporting and maintaining the technical aspects of a flexible stakeholder engagement model that caters for both proactive and reactive collaboration and can rapidly adjust and reprioritise workloads in response to the changing threat-landscape.
- Contributing to building and maintaining strong processes and collaborative working practices with supporting teams in Sustainable Cybersecurity Operations and the wider Global Cybersecurity Operations & Intelligence teams.
- Building relationships and engagements with the many technology and platform owner stakeholders.
- Successfully maintaining these relationships and delivering prioritised outcomes in an environment where relationships can be complex and priorities are often divergent.
- Maintaining governance across all Cyber Ops Integration activities and ensuring the creation, collection and processing of key data points to feed into relevant service reporting e.g. service delivery metrics, KPIs, KCIs, and performance dashboards.
- Supporting the development and maintenance of a functional strategy that supports continuous improvement and is aligned to the wider Sustainable Cybersecurity Operations and Global Cybersecurity Operations & Intelligence strategy and goals.
Impact on the Business/Function
- Supports the development of the GCO&I functions, engaging with colleagues across Cybersecurity and other IT functions to drive and deliver sustainable operational solutions in line with department strategy.
- Drives business performance, clear thinking and utilises experience whilst under pressure.
- Delivers sustainable business outcomes.
- Supports the building of effective technology and process control capabilities that continuously evolve to meet security and compliance needs.
- Works closely with peers and business leads to build and implement controls in alignment with risk-posture, architectural constraints, company strategic direction and industry trends and best practices.
- Drives delivery of the highest standards and outcomes, inspiring others to do the same. Focuses on medium and long-term goals even when under pressure or facing uncertainty. Manages expectations, results and impact of agreed outcomes, thinking ahead to identify and overcome potential issues.
- Strategically drives innovation to gain competitive advantage, taking calculated, entrepreneurial risks to achieve business outcomes. Generates an environment in which innovation is seamlessly embedded into working practices.
Customers / Stakeholders
- Leads a customer-focused and collaborative culture by championing customer and stakeholder engagement throughout the team.
- Demonstrates an understanding of customer and stakeholder requirements by providing specialist input and knowledge and having a detailed understanding of the different short and long term shifts in business/function patterns of activity and demand.
- Understands and interprets developments and changes in future business requirements and ensures the appropriate reaction and response through discourse and the implementation of relevant, security focused, technical and procedural solutions.
- Strengthens stakeholder relationships and enhances key relationships using rapport-building expertise and appropriate influencing skills to add and increase stakeholder advocacy. Key relationships to include Functional heads across the other CTO functions and external account managers for third party suppliers and vendors, along with other regional counterparts across the globe. Cultivates strong relationships with organisationally important global and/or high value stakeholders with a tailored approach.
Leadership & Teamwork
- Supports the technical direction of the Cyber Ops Integration team, making sustainable decisions that protect and enhance HSBC’s values, reputation and stakeholder value.
- Actively engages in a learning culture, encouraging collaboration and cross-functional working to develop and nurture teams and identify talent.
- Authentically engages a diverse group of stakeholders internally and externally to influence the achievement of best outcomes for all stakeholders.
- Builds rapport and mutual understanding to communicate and create opportunities for cross-business and/or international working, encouraging debate and open discussion. Encourages people to build sustainable relationships beyond transactional levels and use empathy and insight to build better understanding of mutual benefits.
- Supports close team collaboration and mentoring practices.
Operational Effectiveness & Control
- Governs risk responsibly. Promotes ethical management of risk across regions and business areas within their teams.
- Communicates changes in policy and governance effectively, reinforcing risk processes within their team.
- Builds and sustains a risk aware culture. Shows integrity whilst promoting and managing relevant monitoring and reporting requirements within their team.
- Embeds efficient risk and compliance processes and procedures into business as usual practices.
- Builds collaborative relationships, defines and articulates to stakeholders the targeted benefits for a change intervention.
- Demonstrates effective financial skills to develop a detailed business case, including investments, detailed benefits (financial, non-financial and strategic) and link to overall finances of the business.
- Supports the management of department finances. Accurately interprets strategic financial information: makes insightful decisions in financial planning and programme performance monitoring.
- Identifies and highlights financial implications of risks/issues, involves stakeholders and supports management of budget variation as appropriate.
- The role holder will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.
- The role holder will also continually reassess the Cyber Security and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring and by addressing any areas of concern in conjunction with entity management and/or the appropriate department.