Job Description

London/Sheffield
2.    WAAP capability / product lead: experience in WAF / Reverse Proxy / API protection application / network security strategy uplifts 
•    We are looking for a Cybersecurity leader to join us to shape our long-term strategy, and turbo-charge delivery, as the accountable owner for Web Application Security & Protection (WASP) across the bank. This senior role reports directly to the Global Head of Network Security. 
•    Strategy: Define and maintain our global strategy for WASP, supported by engineers, platform owners, architects and Control Owners, enabling business success, meeting regulatory expectation and best practice, whilst responding to current and likely threat actor evolution.
•    Delivery: Own the investment roadmap for WASP and its successful delivery across multiple partners. Ensure the transparent prioritization of a common backlog to drive risk reduction, simplification and wider strategic needs. Ensure risk-risk trade-offs are managed, particularly risk mitigation and operational needs.
•    Innovation: Empower HSBC to successfully navigate cyber risk with innovative, responsive and frictionless technologies and services, both those delivered in-house and from external partners. Foster and empower a culture of innovation, experimentation, and continuous improvement.
•    Partnership: Develop with colleagues throughout technology and the business innovative technical solutions that meet both current and future business needs, ensuring the bank’s infrastructure remains scalable and resilient. Drive the shift-left of WASP in partnership with DevOps. Partner with external technology providers and security specialists to integrate best practice and leverage or build cutting-edge tooling.
•    Services: define, operate and mature a business service supporting adoption and tuning of protections, as well as being a trusted advisor and point of escalation for technical and business teams managing online services, ensuring security requirements are understood and effectively implemented.
•    Oversight: Ensure WASP is overseen end-to-end, robustly and throughout the organisation: from platform acquisition, service deployment through to federated operation. Drive a data-centric approach to observability and assessment, wherever possible supported by automation, measures and analytics.
•    Accountability: Ensure regulatory and risk management outcomes are being maintained or robustly managed. Ownership of High-Risk Audit, Regulator and self-identified issues. Ownership of the capability budget, balancing run and change investment. As a senior leader, contribute to and champion change across both Cybersecurity and Technology, occasionally outside of your primary remit.
•    Talent: Lead, manage, invest in, recruit and inspire a team of highly skilled and performant SMEs across the globe. A culture driven by empowerment, experimentation, learning, partnership and delivery. A place where colleagues thrive, solving meaningful problems that keep the bank and its customers safe.

͏

Do

1. Develop architectural application for the new deals/ major change requests in existing deals

a. Creates an enterprise-wide architecture that ensures systems are scalable, reliable, and manageable.

b. Manages application assets and directs the development efforts within an enterprise to improve solution delivery and agility

c. Guides how to construct and assemble application components and services to support solution architecture and application development

d. Maintains the  frameworks and artefacts used in the implementation of an application, with reference to the systematic architecture of the overall application portfolio

e. Responsible for application architecture paradigms such as service-oriented architecture (SOA) and, more specifically, microservices, ensuring business achieve agility and scalability for a faster time to market   

͏

2. Understanding application requirements and design a standardize application

a. Creating Intellectual Property in forms of services, patterns, models and organizational approaches

b. Designing patterns, best practices and reusable applications that can be used for future references

c. Ensure system capabilities are consumed by system components and set criteria for evaluating technical and business value in terms of Tolerate, Invest, Migrate and Eliminate

d. Provide platform to create standardize tools, uniform design and techniques are maintained to reduce costs of maintenance

e. Coordinating input on risks, costs and opportunities for concepts

f. Developing customised applications for the customers aligned with their needs

g. Perform design and code reviews thoroughly on regular basis, keeping in mind the security measures

h. Understanding design and production procedures and standards to create prototypes and finished products

i. Work closely with systems analysts, software developers, data managers and other team members to ensure successful production of application software

j. Offer viable solutions for various systems and architectures to different types of businesses

k. Seamless integration of new and existing systems to eliminate potential problems and maintain data structure and bring value in terms of development

l. Transforming all applications into digital form and implement and evolve around mesh app and service architecture that support new technologies like IOT, blockchain, machine learning, automation, BOTS etc