Senior Data Risk Manager is a sub function of Group Risk. Its purpose is to make sure HSBC understands, and is in control of its non-financial risk position. In addition, the function provides resilience risk stewardship to the Regional Business and Functions and the entities we operate in. This is achieved through:

• Completing analytical assessments and opining on the control environment of the First Line of Defence (1LOD) within Businesses and Regions
• Constructive challenge to the businesses and functions on their control environment and assessment of risk
• Oversight of emerging risks, strategic business initiatives and local change activity and new/materially changed products
• Analysis of risk exposure across all bank operations and territories to inform capital management and stress testing requirements
• Completing thematic reviews and aggregated reporting of the Non-Financial Risk profile of the bank
• Responsibility for the implementation of a Risk Management Framework (RMF) that sets out governance, policies and practices to proactively identify, assess, measure and report on, mitigate and control operational risk exposures associated with HSBC's businesses and operations at all levels of the organisation.

The role holder will have regional responsibility for:

• Supporting the deployment of deep subject matter expertise around data risk regionally
• Providing advice, guidance and challenge to senior businesses, functions and entity management in region
• Supporting development and oversight of effective implementation of the Group's data risk framework across the Group
• Providing guidance and support with policy writing, owning and monitoring compliance with a comprehensive set of clear and concise policies that outline the key principles and minimum requirements applicable to the management of data risk
• Engaging with risk owners, control owners and risk stewards to ensure data risks are managed in accordance to policy
• Overseeing compliance, for example, through the Risk and Control Assessment process, Top Risk Assessments and Incident Management process
• Promoting and developing data risk awareness and risk management culture in order to ensure that the material risks are both evident and effectively managed
• Identifying any concerning trends and challenging the business to address these
• Supporting with defining the risk and control library, including minimum control standards, with input from Risk Owners, Business Service and Control Owners, specifying key risks and key controls
• Recommending RCA scoping for data risk controls and challenge where this is not appropriately applied in the RCA
• Driving appropriate governance for data risk across key stakeholders and senior control owners
• Reporting on risk and control profile, including impacts of external environment changes, emerging risks and changes to the business strategy.

Main Responsabilities:
Principal Accountabilities:
Impact on the Business

• Providing guidance and risk insight around data risk regionally and the associated remediation as required
• Ensuring critical issues both in key controls and material change programmes are managed for data risk, are understood by and escalated to appropriate governance forums for appropriate and timely resolution
• Educating stakeholders to understand the impact of emerging risks that require changes to controls, resources and business operations to ensure they remain within appetite
• Ensuring that data risk initiatives are not adversely affected as a result of poor planning, testing and approach during the delivery of significant change
• Supporting a culture within the organisation for effective management of data risk

Customers / Stakeholders

• Supporting the establishment of a centre of excellence in data risk and ensure the integration of risk insight from the relevant second line specialist risk functions
• Developing key relationships with business and functional areas ensuring a clear understanding of the material risk and control issues within the respective areas
• Providing guidance so business/function management fully considers and effectively manages data risk in accordance with established policies and procedures
• Assisting internal, external, and regulatory audits
• Managing relationship with the regulator(s) and Regional Operational and Resilience Risk Heads.

Operational Effectiveness and Control

• Acting as trusted advisor to ensure that operational processes are operating and that a robust internal control environment is in place throughout the region, commensurate with the volume/scale of operations
• Monitoring and reviewing and process dispensation requests raised by businesses that pertain to the management of data risk
• Providing leadership over regional regulatory and compliance matters, and the management of data risk.

Requirements

• An undergraduate degree in Computer Science, Engineering, Mathematics, or a related field
• Advanced qualifications: Advanced Degrees (Masters, MSci, PhD).
• Professional qualifications: CISSP,CRISC, CISM, PCI, CDPP (Certified Data Privacy)
• Demonstrated ability to rapidly build relationships with key stakeholders;
• Excellent working knowledge of major IT infrastructure and middleware:

- Database platforms (Oracle, SQL, DB2),
- OSs (UNIX, Windows, Solaris),
- Networks (inc. CISCO),
- Communication protocols, cryptography and security infrastructure ( TLS, HSMs,)
- Data Risk on Cloud

• Excellent working knowledge of Information security principles (confidentiality, integrity and availability)
• Depth experience in Data Risk Management
• A track record of delivering complex programmes and projects;
• A wide knowledge of regulatory requirements and their potential business impact from an information security standpoint ( GDPR, Ley federal de proteccion de datos personales en posecion de los particulares ( LFPDPPP)

HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc., We consider all applications based on merit and suitability to the role.