HSBC Service Delivery (Polska) Sp. z.o.o. is a part of the HSBC Group. Headquartered in London, HSBC is one of the largest banking and financial services organisations in the world. HSBC's international network comprises around 4400 offices in over 71 countries and territories in Europe, the Asia-Pacific region, the Americas, the Middle East and Africa. HSBC provides a comprehensive range of financial services to around 47 million customers. We are looking for a candidate for the position of: Senior Control Manager, Technology Control, WPB. Location: Kraków
A key contributor within the Global Chief Control Officer (CCO) Function that directly supports the Group’s Chief Operating Officers (COO) within HSBC, one of the world’s largest banking and financial services organisations. The purpose of the CCO function is to enable our colleagues within HSBC Operations, Services and Technology (HOST) to deliver a safe and secure service to all our customers, colleagues and the Bank itself.
This role will provide expertise in relation to Technology’s management of its control environment within the context of the Operational Risk Management Framework.
The primary objectives of the role are to:
- Oversee the end to end health of the Wealth and Personal Banking (WPB) IT control environment (WPB product / value streams, CTO function, as well as Cyber, Architecture, and Data)
- Lead audit (internal and external) and risk related regulatory engagement as the technology controls SME
- Instigate and manage initiatives to drive improvements to the Technology control environment including the effective design of material controls
- Partner with the CIO management team to create effective design, analysis and remediation of control measures
- Provide risk and controls consultancy, advice and guidance to the CIO team
- Lead the application and critique of the Technology risk and controls framework
- Ensure the appropriate application of policies, control standards and procedures
- Member of relevant governance forums, Audit and regulatory reviews etc
- Advocate the desired behavioural changes across the CIO community required to mature the understanding and management of technology risk controls
- Participate in strategic control framework workstreams.
- Active collaboration with other CCO Tech team
Impact on the Business/Function
- Partner with the CIO and their management team providing risk and controls consultancy, advice and guidance
- Operating as a Subject Matter Expert Role for the Risk Management Framework
- Work with Technology to support internal and external Audit and risk related regulatory engagement
- Influencing, explaining and managing effective design, analysis and remediation of control measures
- Work with Technology to create an effective design and efficient operation of
- Accountable for the deployment of the Operational Risk Management Framework
- Responsible for identifying emerging risks and threats and deficiencies with deployed key controls
- Opine on control environment, form risk assessments, provide advice on remediation plans
- Implement robust governance in relation to risks and ensuring all stakeholders have visibility of key risks and remediation activity
- Ensure Technology remains within its risk appetite
- Work with Technology to design and deploy key controls, key control indicators, evidence requirements and tools to ensure control effectiveness
- Validate control measures include RCA, KRIs, KCIs, control operation, test approaches, reviews, audits, judgment based attestations, supplier audits, sampling of supplier procedures
Customers / Stakeholders
- Engage the key stakeholders to promote positive behaviour and actively manage risk
- Work closely with Technology to develop and monitor risk remediation program activities and actions to ensure delivery within acceptable timelines
- Focusing on Technology top risks and threats, including new/emerging top risks, to ensure they are fully understood and that controls that mitigate these risks (key controls) are effective, efficient and where possible automated, rather than being comprehensive
- Responsible for embedding risk and control management framework
Leadership & Teamwork
- Role model a positive internal risk and control culture across Technology teams and shape the climate, tone and environment in which people work
- Make considered decisions that protect and enhance HSBC values, reputation and business
- Oversee the execution and remediation of thematic reviews / investigations / compliance reviews in response to internal or external events within Technology
Operational Effectiveness & Control
Apply and critique Risk & Control Framework by:
- Working with Technology to define and apply Technology Risk & Control standards and processes in order to drive consistency across Technology
- Partner with Technology to identify, measure, mitigate, monitor and report Technology’s top risks (including new/emerging top risks)
Apply and critique definition and application of policies, control standards and procedures by:
- Working with Technology to influence definition of policies and control standards
- Implementing clear policy framework across dispensations and waivers
To innovate and enhance the control framework and contribute towards reduction of findings noted in Audits, Internal Control reviews, 2LoD reviews, etc.
- Demonstrate a high degree of knowledge across the following frameworks and methodologies covering IT Risk (risk assessment, control frameworks and KCIs, Issue/Action management), Software Development Lifecycle (Agile, DevOps, Business Transformation Framework, Project Management), and IT Service Management.
- Advise on new projects and products identifying key potential Risks and make recommendations to address them
- Knowledge and experience within Retail, Wealth & Private Banking (products, services, infrastructure) helpful but not required.
- Understand how IT controls and relate to business risk, and how control remediation mitigates residual risks for Wealth and Personal Banking.
- Ability to drill down to root cause and write/review clearly articulated risk documentation
- Able to analyze complex situations, influence strategies with practical, effective solutions
- Understanding of application and technology control design e.g. SOX testing, payments security, PCI etc
Observation of Internal Controls
The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.
The jobholder will implement the Group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply.
This will be achieved by adhering to all relevant processes/procedures and by liaising with Compliance department a