Senior Control Manager, Technology Control, ITID SME

09 Sep 2017
07 Oct 2017
Contract Type
Role Title: Senior Control Manager, Technology Control, ITID SME

Business: CCO Technology

New or Existing Role? New

Grade: GCB4

Role Purpose
  • A key contributor within the newly established Global Chief Control Officer (CCO) Function that directly supports the Group's Chief Operating Officers (COO) within HSBC, one of the world's largest banking and financial services organisations. The purpose of the CCO function is to enable our colleagues within HSBC Operations, Services and Technology (HOST) to deliver a safe and secure service to all our customers, colleagues and the Bank itself.
• This CIO ManCo role will provide expertise in relation to Technology's management of its control environment within the context of the Operational Risk Management Framework.

• The primary objectives of the role are to:

• Oversee the end to end health of the control environment

• Lead audit (internal and external) and risk related regulatory engagement as the technology controls SME

• Instigate and manage initiatives to drive improvements to the Technology control environment including the effective design of material controls.

• Partner with the CIO management team to create effective design, analysis and remediation of control measures

• Provide risk and controls consultancy, advice and guidance to the CIO team.

• Lead the application and critique of the Technology risk and controls framework.

• Ensure the appropriate application of policies, control standards and procedures.

• Member of relevant governance forums, Audit and regulatory reviews etc.
  • Advocate the desired behavioural changes across the CIO community required to mature the understanding and management of technology risk controls.
Key Accountabilities

Impact on Business
  • CCO Execution
• Partner with the CIO and their management team providing risk and controls consultancy, advice and guidance.

• Operating as a Subject Matter Expert Role for the Risk Management Framework.

• Work with Technology to support internal and external Audit and risk related regulatory engagement
  • Control Expertise
• Influencing, explaining and managing effective design, analysis and remediation of control measures

• Work with Technology to create an effective design and efficient operation of

• Accountable for the deployment of the Operational Risk Management Framework.

• Responsible for identifying emerging risks and threats and deficiencies with deployed key controls.

• Opine on control environment, form risk assessments, provide advice on remediation plans.
  • Governance
• Implement robust governance in relation to risks and ensuring all stakeholders have visibility of key risks and remediation activity.

• Ensure Technology remains within its risk appetite.

• Work with Technology to design and deploy key controls, key control indicators, evidence requirements and tools to ensure control effectiveness.

• Validate control measures include RCA, KRIs, KCIs, control operation, test approaches, reviews, audits, judgment based attestations, supplier audits, sampling of supplier procedures.
  • Risk Culture
• Engage the key stakeholders to promote positive behaviour and actively manage risk.

• Work closely with Technology to develop and monitor risk remediation program activities and actions to ensure delivery within acceptable timelines.

• Focusing on Technology top risks and threats, including new/emerging top risks, to ensure they are fully understood and that controls that mitigate these risks (key controls) are effective, efficient and where possible automated, rather than being comprehensive.

• Responsible for embedding risk and control management framework.

Leadership & Teamwork

• Role model a positive internal risk and control culture across Technology teams and shape the climate, tone and environment in which people work.

• Make considered decisions that protect and enhance HSBC values, reputation and business.

• Oversee the execution and remediation of thematic reviews / investigations / compliance reviews in response to internal or external events within Technology.

Operational Effectiveness & Control
  • Apply and critique Risk & Control Framework by:
• Working with Technology to define and apply Technology Risk & Control standards and processes in order to drive consistency across Technology
  • Partner with Technology to identify, measure, mitigate, monitor and report Technology's top risks (including new/emerging top risks).
Apply and critique definition and application of policies, control standards and procedures by:

• Working with Technology to influence definition of policies and control standards.

• Implementing clear policy framework across dispensations and waivers
  • To innovate and enhance the control framework and contribute towards reduction of findings noted in Audits, Internal Control reviews, 2LoD reviews, etc.
Role Context
  • A high degree of knowledge in datacentre operations, network management, server and storage, desktop management, service delivery, availability management, IT Service Continuity, problem and incident management
  • Partner with key core infrastructure teams and stakeholders to define IT Infrastructure Delivery control requirements in a regional and global capacity.
  • Advise on new projects and products identifying key potential Risks and make recommendations to address them
  • Provide subject matter expert (SME) insight into the existing technologies and using this knowledge to inform and support the design and implementation of effective IT Infrastructure Delivery controls in a regional and global capacity
  • Understand how the Road to Green (RtG) Programme will improve the control environment for IT Infrastructure Delivery and be able to confidently discuss how this programme will mitigate residual risk for the GB/GFs in a regional and global capacity
  • Understand how IT Infrastructure Delivery supports Critical Business Services and Infrastructure that is consumed by the Global Businesses and Functions and how Operational Risk is being managed for these services
  • Ensure accountability, focus and ownership of material operational risks when faced with competing priorities
Management of Risk
  • Consistently display positive leadership behaviors related to the management and mitigation of risk, including notification and escalation of any concerns and ensuring timely action in relation to points raised by audit, 2LoD and external regulators.
  • Continually support HSBC's approach to conduct, which is designed to ensure we deliver fair outcomes for our customers and do not disrupt the orderly and transparent operation of financial markets.
  • Maintain awareness of operational risk and minimise the likelihood of it occurring, including its identification, assessment, mitigation and control, loss identification and reporting in accordance with section B.1.2 of the Group Operations Functional Instruction Manual - FIM.
• Ensures that HSBC internal control standards are met, including timely implementation of audit actions together with any issues raised by external regulators.

• The jobholder will adopt the Group Compliance Policy by escalating any identified compliance risk in liaison with the Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term 'compliance' embraces all relevant financial services laws, rules and codes with which the business has to comply.

• This will be achieved by adhering to all relevant processes/procedures and by liaising with the Compliance department about new business initiatives at the earliest opportunity. Also, when applicable, by ensuring adequate resources are in place and training is provided, fostering a compliance culture and optimising relations with regulators.

Observation of Internal Controls




• Proactive management of current and emerging risk exposures in relation to IT Operations

• At least 5 years relevant experience preferably within a risk management related role

• Relevant working experience in Financial Services industry

• Relevant experience within IT infrastructure


• Strong knowledge of Operational Risk and / or Audit

• Knowledge of Operational Risk modelling

• Open personality with effective communication skills

• Lead and coordinate with colleagues and key stakeholders in an international team

• Complete presentations, training and lead workshops

• Planning and project management skills

• Ability to work independently with limited supervision

• Communication - Ability to present complex issues confidently and concisely to Technology and HOST Senior Executives and other key stakeholders using non-technical easily understood language
  • Make considered decisions that protect and enhance HSBC values, reputation and business
  • Ability to drill down to root cause and write/review clearly articulated risk documentation
  • Strong knowledge across databases, Operating Systems, middleware, mainframe, network architecture and datacentre and service management
• Degree in information security.....