Description
Role Title: Risk, Process and Control Director
Business: Global Banking Markets
New or Existing Role – New
Grade: GCB3
Role Purpose
- One of the 3 pillars within the GBM Chief Control Office, the Risk Process and Control team drives the consistent application and effective implementation of Non-Financial Risk within GBM.
- The role will include, inter alia, directing and managing the following (or a subset thereof as agreed with management):
- NFR Optimisation & Embedding – Responsibility for the validation and effective embedding of the ORMF including regulatory change and oversight of RCAs including control design
- Process Design, Control Monitoring and Remediation – Responsibility for overseeing an efficient methodology for Front-to-Back processes across GBM.
- The role holder will be responsible for the following:
- Leading the GBM COO Cyber, Information Security and Systems capability, participating in NFR governance, including Design Authority, Delivery Board, and design and implementation working groups to ensure that the impact of the programme with respect to Cyber, Information Security and Systems on GBM Businesses is understood and can be efficiently implemented, whilst ensuring that GBM business understanding of these risks is owned and managed globally.
Key Accountabilities
Impact on Business
- Act as a leader, alongside the Head of Risk Process & Control, to drive the direction, co-ordination and delivery of the Cyber, Information Security and Systems risk and control agenda within the Process and Control function.
- Assist the Global Businesses in the identification, documentation and resolution of information security and technology risk issues (liaising with relevant functions, e.g. CCO Technology, where required) covering the full gamut of risks from internal/external security threats, to technology risks related to capacity, performance, availability, asset management, change, third parties and other risks facing GBM’s current and future technology environment.
- Provide support to businesses requiring Information Risk / Cyber expertise for client interactions
- Contribute to the design of roles, responsibilities, capabilities and learning framework for the First Line of Defence
- Gain a deep understanding of the Operational Risk System (Helios) and the impact of change on the system and the Business operating model.
- Support the realignment of culture and behaviours across the Three Lines of Defence in line with the Group values and the Target Operating Model for operational risk management
Customers / Stakeholders
- Support GBM CCO Senior Management in ensuring the appropriate control structure is in place and that control issues that have been highlighted are addressed appropriately.
- Develop and maintain strong relationships across the First, Second and Third Line to deliver results.
- Deliver agreed objectives, managing any conflict situations as they arise.
- Ensure appropriate, timely and relevant information is provided to GBM CCOs and work closely with them to facilitate implementation
Leadership & Teamwork
- Highly motivated to deliver results with little direction.
- Ability to deal with difficult and conflicting situations, and to clearly articulate an argument to influence the outcome.
- Ability to engage regularly with GBM colleagues at the highest level.
- Be an effective ambassador to represent the First Line of Defence across the 3 Lines of Defence
- Share knowledge, experience and best practices with Global and Regional teams and promote a collective culture to spread experience & best practice
Operational Effectiveness & Control
- A detailed understanding of effective governance structures in order to promote better decision making and stronger risk management.
- Well-developed forensic skills.
- Ensure a robust governance framework has been established which is clear and well understood across the GBM community.
- Implement supporting strategies, policies and procedures to ensure that operational risks are managed closely and effectively in a commercially sensitive and practical manner.
Major Challenges
- The role operates in a highly-matrixed organization spanning multiple businesses and regions.
- Different businesses and regions will have different points of departure for the change meaning that the solutions and roll out will need to be tailored to each business and potentially each region and country.
- Each business and each region will also be subject to other change initiatives (including both Global and Local programmes). Strong relationships will be needed to understand and coordinate solutions with these initiatives and to negotiate with the associated stakeholders to resolve conflicts and dependencies where necessary.
- The change will have impact across the Three Lines of Defence and the broader management of HSBC and as such has a large number of stakeholders.
- The change is complex and contains many individual initiatives with durations ranging from a few months to several years.
- The need to work without close guidance, potentially for long periods of time.
- To remain balanced but firm under pressure, and where appropriate to challenge Risk Stewards' recommendations, competing priorities or unrealistic timelines
Role Context
- Functional and entity reporting relationship to GB&M Head of Risk Process & Control
- Close working relationships with Function Heads, COOs and stakeholders.
- HSBC is going through an unprecedented period of change in its move to a sustainable globally-led and connected organisation. There is increasing external scrutiny and pressure on the Financial Services industry from governments, regulators, media, investors and brokers. The role holder needs to understand the impact and influence of all these agents on GBM and the wider Group, and support the GBM CCO as required. The role holder will be required to interact with many internal and some external parties at senior levels of management, so needs a high level of professionalism and gravitas.
- The jobholder will form part of the global GB&M CCO team.
- As the NFR Transformation Lead, the role holder will support GB&M CCO team, and work across the Organisation with the Global Business & Function peers to meet Group objectives. They should also actively leverage support from the GBM Regional CCO Group
- The individual will be based in London, with likely travel to HK, NY and Paris, and will work under the guidance of the GB&M Head of Risk Process & Control, to whom he/she directly reports
Management of Risk
- The role holder will:
- Continually reassess the operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology and services. This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring and by owning and managing any areas of concern.
- Be aware of the operational and reputational risks associated with the role and act in a manner that takes account of these risks.
Observation of Internal Controls
- Ensure compliance with internal Data Protection provisions.
- Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators
- Understands, follows and demonstrates compliance with all relevant internal and external rules, regulations and procedures that apply to the conduct of the business in which the jobholder is involved, specifically Internal Controls and any Compliance policy including, inter alia, the Group Compliance policy.
