HSBC تعلن عن وظيفة مدير أمن البيانات في الرياض السعودية

About HSBC:

HSBC Saudi Arabia provides investment banking services to the full spectrum of corporate and institutional clients in both the private and government sectors, including public companies; private companies and establishments; funds; government agencies; and family businesses and offices

Role Purpose (overall high-level summary of the role)

The role holder is responsible for developing, implementing and monitoring adherence to information security policies and procedures in HSBC SA business operations. The role holder is also responsible for creating awareness on security risks and potential fraud within the businesses, and for the Business Continuity Risk Management (BCM) As part of SMART IT Segregation the role holder is also responsible for Data Security.

• The role holder is responsible for all aspects of Information Security Risk across the HSBC Saudi Arabia. This includes Data Security, Threat & Incident Management, Business Controls, Third Party Security and Technical Security. The role holder is responsible for all aspects of technical security including but not limited to facilitation and interpretation of infrastructure security and application security, and operating access management controls.
• The role of the Manager Information Security Risk is to assist the HSBC SA business and IT with ensuring that their critical services have been subject to adequate due diligence, relevant risks (e.g. Cyber and resilience risks) are captured and risk impact is evaluated according to HSBC risk framework, technology and business functions understand their risk, the continued and ongoing effectiveness of their security control environment to inform their risk decision making (e.g. going live with projects) via adequate metrics so the business can manage their risk against their risk appetite.
• The role holder will be part of a team, which provides support to the CISO and CRO with the design and execution of the Cyber security strategy.
• The role holder will also advise all parties involved in the management and operations of security controls around HSBC SA services critical services and take forward security improvements and remediation activities. The consultant will also advise and support to HSBC SA IT Teams, liaise and co-ordinate with security teams who conduct application security risk assessments and manage security controls on our behalf. Assess / check the technical security solutions to ensure that HSBC SA is not un-necessary exposed to any risks and that all risks are (in the process of being) mitigated within the risk appetite as set by the HSBC SA management.
• The ideal candidate will have deep technical understanding of security controls and come from a hands on technical background, strong stakeholder management skills and a desire to develop and learn. Certifications such as CISSP, CISM or equivalent is not essential but desirable.

Principal Accountabilities:

Key activities and decision-making areas

• Own and lead the implementation, operation, and continuous improvement of data security controls, ensuring the confidentiality, integrity, and availability of organizational data across all environments.
• Operate and manage data security technologies and platforms (e.g., DLP, data classification, encryption, discovery, and monitoring tools), including configuration, tuning, enhancement, and ongoing optimization of controls.
• Monitor, detect, and trigger response to data security incidents, ensuring timely escalation, investigation, coordination with SOC/IR teams, and post-incident analysis in alignment with incident management processes.
• Develop, generate, and enhance data security reporting and dashboards, providing actionable insights, risk analysis, trends, and control effectiveness metrics for technical teams and senior management.
• Ensure alignment of data security controls with applicable standards, regulatory requirements, and internal policies, driving compliance and audit readiness across business units.
• Lead data security governance activities, including control ownership, risk assessments, exception handling, control uplift initiatives, and continuous maturity improvement.
• Review, update, and maintain data security policies, standards, and procedures, ensuring alignment with business operations, emerging risks, and global best practices.
• Act as a primary liaison with global and cross-functional teams, including IT, Security Operations, Legal, Compliance, and business stakeholders, to embed data security requirements into business processes.
• Translate technical data security risks and findings into business-focused insights, clearly presenting analysis, recommendations, and remediation plans to senior management and executive stakeholders.
• Drive continuous improvement initiatives, including control uplift, reporting enhancements, tool capability expansion, and operational process optimization.
• Support strategic data security initiatives by bridging hands-on technical execution with governance, policy, and management-level oversight.
• Develop information security policies and procedures as per HSBC group standards as well as in accordance to standards such as ISO and COBIT in order to ensure up to date Information Security and integration solutions at HSBC SA.
• Supervise the implementation and oversee adherence to agreed policies and compliance practices to create a secure environment for HSBC SA’s business operations.
• Review, collate and analyse monthly Business Risk Information Officer Reports with the aim to identify risks to the respective business unit from a policy perspective.
• Maintain a close awareness of best practices and industry standards in Information Security, assess potential security threats and risks to HSBC SA IT infrastructure, systems, network and data and recommends any improvements in policies.
• Enforcing appropriate security standards for access control function / IT Security and monitor all exceptions closely.
• Implement and manage the BIRO program for HSBC SA and ensure all risk assessment activities are being undertaken within those areas to which a BIRO is assigned. Work directly with the respective staff to explain the risk assessment process and the, the means of identifying risk, the steps to measure it and the actions to be taken to mitigate / eliminate it
• Support all general information security / risk oversight and awareness programs being implemented across the business. Activities such as town hall meetings / marketing initiatives / informal meetings, which are designed to address information topics.

Qualifications / Experience (For the role - not the role holder. Minimum requirements of the role.)

Qualifications:

• Typically educated to degree level, within Cybersecurity Industry qualifications (CISSP, CISA, CISM) preferred.
• 4 to 5 years’ experience in Data Security Engineering.
• Experience on DLP products such as Symantec DLP, SkyHigh DLP with hands-on experience for deployment of data discovery tools.
• Demonstrable experience on Data in Motion and/or Data at Rest Security.
• Experience in Agile Methodology and project planning & management.
• Experience in Data Incident management

The Job holder will be responsible for:

• Involving in Cyber Security projects and creating Engineering solutions in Data Security Area
• Configuring and running DLP solutions and data scanning tooling
• Providing production support to Data Security tooling (such as Symantec, McAfee, MIP)
• Using Confluence and Jira for Project and Production support tasks
• Stakeholder Management: Business communication and Audit management