ISR Senior Analyst/Cybersecurity

HSBC - More jobs by this advertiser
 Job Description - ISR Senior Analyst/Cybersecurity (0000ERVO)

Job Description 

ISR Senior Analyst/Cybersecurity : 0000ERVO 




Job Description 


Designation : IT Security Analyst/Compliance Analyst


Location : Hyderabad


GCB : 6


Job Purpose (overall high level summary of the role)

The key objective of this role is to ensure that consistent, accurate information relating to Cybersecurity controls and activities is provided in response to Regulatory/Third Party exams, audit assessments and due diligence questionnaires. The scope covers Financial Service Regulators, Payment Regulators and Third Party partners, and is global in nature.



Organisation structure:

Reports to the Head of Cybersecurity Regulatory and 3rd Party Management

Principal Accountabilities: key activities and decision making areas

Typical Targets and Measures

  • Manage all enquiries and engagements via Archer, perform triage activities and ensure all necessary documentation is received in order to progress
  • Complete client due diligence assessments and contribute to RFPs for prospects, through effective response management
  • Understand & communicate Cybersecurity Control framework
  • Administration of GRC tool including access management, ensuring information kept up to date
  • Access Management/Information sharing for work flow management tool
  • Ensure applicable stakeholder feedback is incorporated into the standard regulatory responses
  • Maintenance of process documentation and service guides to enable consistency of response across GB / GF / Regions - control changes, new or changed regulation
  • At least annually, or as needed, review the standard regulatory response handbook and revise / modify as the technology / regulatory environment and landscape change
  • QA checking on information held in the GRC tool
  • Collate and securely store materials from previous regulatory engagements to support future submissions
  • Provide general templates and standards for providing information to regulators in already established formats.
  • Manage central mailbox for receiving queries/requests from other GB / GF / Regional teams.
  • Create, maintain and share metrics as part of weekly dashboards with EXCO and CIO
  • Assist Manager, Cybersecurity Regulatory, Third Party & Control Management as required
  • Analyse results from engagements and new mapping  - provide interpretation/recommendations to GB/GF/Regional contacts
  • Provide output from the workflow management tool to the Regional representatives



Adherence to regulatory deadlines


Service provided within internal deadlines



Timely provision of reports


Continual improvement of Reg Engagement process



Evidence of escalation of deficiencies to Governance committees, as appropriate





Impact on the Business/Function


  • Provide guidance and opinion on appropriateness of  i) evidence provided to Regulator ii) cybersecurity  controls when demonstrating compliance to regulations
  • Provide evidence of compliance to cybersecurity regulatory requirements
  • Share Evidence Library with Cybersecurity colleagues globally to drive consistency of cybersecurity information shared with Regulators
  • Engagement with stakeholders to understand impact across all Three Lines of Defence of gaps in cybersecurity regulatory compliance
  • Representing Cybersecurity Regulatory Management in various forums/project WGs



Ensuring all stakeholders understand level of controls compliance and are able to articulate this to the Regulator


Effectively engages customers, colleagues and stakeholders to build a trust-based relationship and deliver a connected service.


Measure value-added insight to stakeholders.


Handles disagreement or objections with stakeholders constructively and confidently.

Customers / Stakeholders


Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets.


  • Influences and engages effectively across a range of audiences
  • Engages effectively with customers/stakeholders at all levels
  • Builds and maintains effective working relationships 
  • Manages a diverse set of stakeholders across the three lines of defence in order to achieve the overarching objectives, including:
    • Cybersecurity teams
    • Information Security and Risk
    • Audit and Compliance
    • Business


Leadership & Teamwork


  • Work together with subject matter experts from Cybersecurity and ISR, to develop appropriate regulatory responses
  • Provide advice on levels of compliance to global cyber security regulations
  • Contribute to team development, effectiveness and success by sharing knowledge and good practice, working collaboratively with others to create a productive, diverse and supporting work environment
  • Take personal responsibility for understanding and agreeing performance expectations, completing the necessary mandatory training and developing the levels of capability and competence needed to be effective in the role.





Management of Risk (Operational Risk / FIM requirements)


  • The jobholder will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.
  • The jobholder will also continually reassess the Cybersecurity and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
  • This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with entity management and/or the appropriate department.

Observation of Internal Controls (Compliance Policy / FIM requirements)



  • Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.
  • The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified Cybersecurity risks.
  • The jobholder will implement the group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply.
  • This will be achieved by adhering to all relevant processes/procedures and by liaising with compliance department about new business initiatives at the earliest opportunity. Also and when applicable, by ensuring adequate resources.







Certifications, Qualifications & Experience (For the Job – not the Job holder.  Minimum requirements of the Job)


  • Excellent understanding of Cybersecurity Control framework
  • Familiarity with Information Security standards, policies and key cyber regulations
  • Ability to make logical  tactical decisions
  • Methodical approach
  • Analytical skills
  • Excellent communication and interpersonal skills with the ability to articulate clear and concise messages to internal and external stakeholders
  • Excellent stakeholder management skills with a proven ability to build and maintain strong relationships and communicate on complex issues with a wide spectrum of stakeholders.


Technical Skills - Cyber Security



Any Graduate








1. All applicants must have successfully completed 12 months in current role/Project/Department.


2. Applicant should not be on a corrective action plan/ disciplinary action in the last 6 months or any other performance action as on the date of application.


3. All applicants should inform their respective Line Managers of their application.


4. The Company reserves the right to change any terms and conditions related to employment, mentioned in the Offer Letter and the Rules and Regulations governing the conduct of the employee in the Company. Such change would be intimated by the Company through an internal communication to the employees at large.


5. Right to work is required. Local employment rulings and restrictions will apply.




                ***Issued By HSBC Software Development (India) Pvt Ltd***











Job Field

 : Technology

Primary Location

 : Asia Pacific-India-Telangana-Hyderabad


 : Full-time 


 : Day JobType of Vacancy : Country vacancy

Job Posting

 : 28-Oct-2020, 16:43:28 

Unposting Date

 : 28-Nov-2020, 02:29:00  

28 October 2020
Work type:
Full time
Banking and Financial Services
PLEASE! No enquiries from Recruitment Agencies or Headhunters.

Only direct applications will be considered.

This career opportunity is no longer open.
Please search for current vacancies here.

Bookmark and Share
  • Previous Next

This website uses cookies

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Cookie Policy.
I agree
Read more