Security Consultant - #1691531

Join a digital-first bank that’s powered by people.

Our technology team builds innovative digital solutions rapidly and at scale to deliver the next generation of banking services for our customers around the world.

We have an entrepreneurial mindset. Our people work together, creating an agile, collaborative, and innovative culture. You’ll learn and expand your skills, and we will support you every step of the way as you grow your career.

The Managed File Transmission Team is responsible for managing file transfers for both internal and external customers of HSBC via shared file gateways on various platforms, products, technology, and standards supporting file transfers across the HSBC Group for all lines of business.

The team supports several technologies that provide reliable, resilient, and secure services. They oversee all aspects of the project lifecycle, ensuring compliance with bank policies, guidelines, governance, and standards. Team members are encouraged to explore new processes and procedures and seek continuous improvement within the File Transmissions Domain globally by working closely with the MFT Engineering Team.

The role involves working with senior leaders to deliver complex, enterprise-level initiatives aligned with the bank's strategic goals. The Technical Leader will play a key role in defining and developing the MFT Security Policy and ensuring adherence to HSBC Security Policies and Standards. The role also involves building effective partnerships with HSBC Cybersecurity to understand and respond to cyber threats.

As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive benefits package, including private healthcare, enhanced maternity and adoption pay, support upon return to work, and a contributory pension scheme with a generous employer contribution.

In this role, you will:

1. Develop security policies, procedures, and plans to ensure robust governance.


2. Act as the MFT security authority, advising MFT technology teams.


3. Evaluate risks at the technical and system process levels by assessing systems for compliance with security frameworks like CAF, NIS/NIS2, ISO27001, NIST CSF, and CIS.


4. Produce detailed risk assessments and reports, highlighting security issues, recommending improvements, and providing mitigation solutions.


5. Understand the business and information risk landscape, including cyber threats and operational challenges faced by the MFT teams.


6. Assess risks at both technical and business process levels, communicating findings effectively to stakeholders.


7. Review existing controls against recognized frameworks and suggest security enhancements.


8. Research and analyze security technologies to support innovative security solutions for MFT services.


9. Perform complex risk assessments and threat modeling to support new technologies or design patterns.


10. Adhere to HSBC policies, procedures, and control requirements, raising concerns promptly.


11. Apply policies, procedures, and standards diligently to ensure high quality, risk management, and compliance.

To be successful in this role, you should meet the following requirements:

1. Experience in developing security policies, threat modeling, and risk determination.


2. Strong knowledge of frameworks such as CAF, NIS/NIS2, ISO27001, NIST CSF, and CIS, and risk assessment methodologies.


3. Experience reviewing security standards, controls, and policies, with the ability to recommend enhancements.


4. Good understanding of security testing principles, including vulnerability scanning, risk identification, resolution, and reporting.


5. Experience leading and delivering cybersecurity projects.


6. Ability to perform complex risk assessments and threat modeling for new technologies or design patterns.


7. Technical writing experience, including creating queries, reports, and presentations.

This role is based in Sheffield.

At HSBC, we are committed to creating diverse and inclusive workplaces, removing barriers, and ensuring careers are accessible to all. We are a Disability Confident Leader and will offer interviews to candidates with disabilities, long-term conditions, or neurodivergence who meet the role's minimum criteria. If you require accommodations during the recruitment process, please contact our Recruitment Helpdesk.