Role
The Technical PM role-holder is charged with protecting the HSBC brand, shareholder value, information and financial assets, and with managing a team across the globe, in the following ways:
- Implement requirements across key programmes
- Provide project management expertise to the programme
- Support the delivery and operating strategy
- Provide key representation for, and act as a source of expertise on, all issues.
- Support the delivery of tooling to implement controls ensuring compliance with Information Security policies and standards globally including any regulatory requirements.
- Collaborate to drive the implementation of the enterprise-wide and regional / business level IT Strategy.
- Ensure information security requirements are adhered to globally by ensuring effective compliance and measures are in place.
- Work closely with the team as the 1LOD function and understand strategy while maintaining visibility of their IT security risk profile, exposures and control effectiveness, and provide robust challenge to the same audience when information security risk appetites are breached.
- Drive engagement with all relevant regional and global stakeholders (Payments IT colleagues across Strategy and Architecture, Security Shared Services, Security Engineering and business and IT Functions).
Container Security Skill sets
- Detailed understanding of securing the end-to-end image/container lifecycle from image build to production deployment
- Understanding of Kubernetes and Docker security
- Understanding of automated security testing approaches and tools such as KubeTest, NetAssert, GOSS, Grafeas, KubeHunter is a plus
- Detailed understanding of Cloud security fundamentals, including cryptography and the shared responsibility model
- Experience with the AWS cloud platform including AWS services such as EKS, ECS
- Detailed understanding of AWS Security principles and services, AWS Config, AWS IAM, AWS KMS, AWS networking from a security perspective
- Experience in the following subjects would also be beneficial:
  - Threat modelling and security design experience in methodologies such as STRIDE or PASTA
  - Understanding of OWASP Top 10 vulnerabilities and remediation