Senior Technology Control Officer - Payments

A key contributor within the newly established Global Chief Control Officer (CCO) Function that directly supports the Group's Chief Operating Officers (COO) within HSBC, one of the world's largest banking and financial services organisations. The purpose of the CCO function is to enable our colleagues within HSBC Operations, Services and Technology (HOST) to deliver a safe and secure service to all our customers, colleagues and the Bank itself.
This CIO ManCo role provides expertise in relation to Technology's management of its control environment within the context of the Operational Risk Management Framework.
The primary objectives of the role are to:
Oversee the end to end health of the control environment
Lead audit (internal and external) and risk related regulatory engagement as the technology controls SME
Instigate and manage initiatives to drive improvements to the Technology control environment including the effective design of material controls
Partner with the CIO management team to create effective design, analysis and remediation of control measures
Provide risk and controls consultancy, advice and guidance to the CIO team
Lead the application and critique of the Technology risk and controls framework
Ensure the appropriate application of policies, control standards and procedures
Member of relevant governance forums, Audit and regulatory reviews etc
Advocate the desired behavioural changes across the CIO community required to mature the understanding and management of technology risk controls
Principal Accountabilities
CCO Execution
Partner with the CIO and their management team providing risk and controls consultancy, advice and guidance
Operating as a Subject Matter Expert Role for the Risk Management Framework
Work with Technology to support internal and external Audit and risk related regulatory engagement
Control Expertise
Influencing, explaining and managing effective design, analysis and remediation of control measures
Work with Technology to create an effective design and efficient operation of
Accountable for the deployment of the Operational Risk Management Framework
Responsible for identifying emerging risks and threats and deficiencies with deployed key controls
Opine on control environment, form risk assessments, provide advice on remediation plans
Implement robust governance in relation to risks and ensuring all stakeholders have visibility of key risks and remediation activity
Ensure Technology remains within its risk appetite
Work with Technology to design and deploy key controls, key control indicators, evidence requirements and tools to ensure control effectiveness
Validate control measures include RCA, KRIs, KCIs, control operation, test approaches, reviews, audits, judgment based attestations, supplier audits, sampling of supplier procedures
Risk Culture
Engage the key stakeholders to promote positive behaviour and actively manage risk
Work closely with Technology to develop and monitor risk remediation program activities and actions to ensure delivery within acceptable timelines
Focusing on Technology top risks and threats, including new/emerging top risks, to ensure they are fully understood and that controls that mitigate these risks (key controls) are effective, efficient and where possible automated, rather than being comprehensive
Responsible for embedding risk and control management framework
Leadership & Teamwork
Role model a positive internal risk and control culture across Technology teams and shape the climate, tone and environment in which people work
Make considered decisions that protect and enhance HSBC values, reputation and business
Oversee the execution and remediation of thematic reviews / investigations / compliance reviews in response to internal or external events within Technology
Operational Effectiveness & Control
Apply and critique Risk & Control Framework by:
Working with Technology to define and apply Technology Risk & Control standards and processes in order to drive consistency across Technology
Partner with Technology to identify, measure, mitigate, monitor and report Technology's top risks (including new/emerging top risks)
Apply and critique definition and application of policies, control standards and procedures by:
Working with Technology to influence definition of policies and control standards
Implementing clear policy framework across dispensations and waivers
To innovate and enhance the control framework and contribute towards reduction of findings noted in Audits, Internal Control reviews, 2LoD reviews, etc
Operational Risk Management
Consistently display positive leadership behaviors related to the management and mitigation of risk, including notification and escalation of any concerns and ensuring timely action in relation to points raised by audit, 2LoD and external regulators
Continually support HSBC's approach to conduct, which is designed to ensure we deliver fair outcomes for our customers and do not disrupt the orderly and transparent operation of financial markets
Maintain awareness of operational risk and minimise the likelihood of it occurring, including its identification, assessment, mitigation and control, loss identification and reporting in accordance with section B.1.2 of the Group Operations Functional Instruction Manual - FIM
Ensures that HSBC internal control standards are met, including timely implementation of audit actions together with any issues raised by external regulators
The jobholder will adopt the Group Compliance Policy by escalating any identified compliance risk in liaison with the Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term "compliance" embraces all relevant financial services laws, rules and codes with which the business has to comply
This will be achieved by adhering to all relevant processes/procedures and by liaising with the Compliance department about new business initiatives at the earliest opportunity. Also, when applicable, by ensuring adequate resources are in place and training is provided, fostering a compliance culture and optimising relations with regulators
Demonstrate a high degree of knowledge across the following frameworks and methodologies covering Agile, DevOps, Business Transformation Framework, Project Management and System Design
Demonstrate a high degree of knowledge of financial crime processes across Anti-Money Laundering, Sanctions and Anti Bribery and Corruption, Payment Fraud and Customer Due Diligence
Advise on new projects and products identifying key potential Risks and make recommendations to address them
Good understanding of payments systems and controls
A strong understanding of the finance and HR function, to include knowledge of general ledger, headcount, payroll systems, and regulatory requirements.
Understand how Corporate Functions supports Critical Business Services and Infrastructure that is consumed by the Global Businesses and Functions and how Operational Risk is being managed for these services
Understand how the Road to Green (RtG) Programme will improve the control environment and be able to confidently discuss how this programme will mitigate residual risk for Corporate Functions.
Ability to drill down to root cause and write/review clearly articulated risk documentation
Able to analyze complex situations, influence strategies with practical, effective solutions
Deep understanding of application and technology control design e.g. SOX testing, payments security, PCI etc.
At least 5 years relevant experience preferably within a risk management related role
Relevant working experience in Financial Services industry
Strong knowledge of Operational Risk and / or Audit
Knowledge of Operational Risk modelling
Open personality with effective communication skills
Lead and coordinate with colleagues and key stakeholders in an international team
Complete presentations, training and lead workshops
Planning and project management skills
Ability to work independently with limited supervision
Communication - Ability to present complex issues confidently and concisely to Technology and HOST Senior Executives and other key stakeholders using non-technical easily understood language
Make considered decisions that protect and enhance HSBC values, reputation and business
Degree in information security, computer science or computer engineering qualifications desirable
Certifications CISA, CISM, CISSP, CRISC, COBIT or ITIL desirable
Job: Risk Management
Title: Senior Technology Control Officer - Payments
Location: New York-Depew
Requisition ID: 0000ANR0
