The Role
Resilience risk is HSBC's ability to continue delivering important business services within agreed impact tolerances during disruption. As Director, Head of CTO Technology Risk within Group Resilience Risk (Risk and Compliance) you'll set the strategic direction for resilience risk oversight focused on controls owned, operated or impacted by the Chief Technology Office (CTO). You'll strengthen technology and cyber controls in an environment of increasing threat sophistication and architectural complexity while maintaining alignment to applicable frameworks, policies, procedures and regulatory requirements. Success means clear executive-level risk insight, consistent control expectations and timely remediation that reduces incident impact and supports recovery within defined objectives. You'll partner across the HSBC matrix to embed resilience by design in change and to keep delivery within risk appetite.
What you'll be doing
- Set the strategic direction for resilience risk oversight for CTO-owned or CTO-impacted controls
- Advise senior leaders on the business impact of incidents, issues and top and emerging risks to inform decisions on controls, investment, resourcing and operating model changes
- Hold risk and control owners accountable for evidencing control design and operating effectiveness with timely remediation where gaps are identified
- Run horizon scanning across regulatory, technology and threat landscapes translating developments into actionable resilience priorities
- Provide senior oversight and constructive challenge for GRR and regulatory reporting including RAS, top and emerging risks, risk profile reporting, RMM and relevant Board reporting
- Ensure material resilience risk issues and events are investigated to root cause with corrective actions agreed, tracked and embedded to prevent recurrence
- Oversee governance for key controls and material change programmes ensuring risks are understood, appropriately escalated and managed through the right forums
- Manage regulatory and audit engagement for resilience risk supporting supervisory expectations and timely closure of audit actions and findings
What we're looking for
- Apply deep technical expertise in resilience risk with a focus on Technology and Cybersecurity controls including identification, assessment, monitoring, control and mitigation
- Interpret the relevant regulatory landscape and evaluate the impact of regulatory change particularly relating to resilience risk
- Demonstrate established experience providing expert advice and robust oversight on risks and controls including implementing risk management policies
- Communicate complex technical concepts clearly to non-technical audiences including senior stakeholders
- Build effective stakeholder networks and influence decisions within a complex matrix organisation across 1LoD, senior management, audit and regulators
- Oversee multi-location teams of professionals including day-to-day management of direct and indirect reports
- Establish and maintain external relationships including engagement with regulators where required
Embedding Resilience by Design
If you want your work to shape how a global bank anticipates disruption and restores services when it matters most this role offers that scope. You'll set clear control expectations for CTO technology and cyber risk and turn them into measurable outcomes through disciplined oversight and stakeholder partnership. You'll also play a key part in strengthening risk culture across global teams and ensuring issues are resolved with pace and lasting fixes. Apply to help protect service integrity and availability across HSBC.