Operational and Resilience Risk, Data Resilience Senior Manager, USA

At HSBC, the health and well-being of our employees remains of utmost importance. Many of our roles are permitted to work from home (in states in which HSBC is licensed to operate) until further notice. Upon resumption of normal operations, this role may be performed at our Arlington Heights, Illinois office.

US Operational and Resilience Risk (ORR) is a sub-function of Group Risk. Its purpose is to ensure HSBC understands, and is in control of, its non-financial risk position. In addition, the function provides resilience risk stewardship to US businesses, functions and entities in which the US bank operates.

Data Resilience is the ability to provide critical services to HSBC's customers, affiliates, and counterparties, during sustained or significant operational disruption related to data (i.e. quality) or information (i.e. data that has consumable business value to an end-user). The risk type focuses on confidentially, integrity, and availability through the data lifecycle - notably, data risk oversight related to legal (i.e. data privacy) and regulatory compliance (i.e. data localization, record management) topics are beyond the scope of this role.

The Data Resilience Senior Manager will serve as a specialist as part of HSBC's second line of defence Operational and Resilience Risk team. The role holder will contribute their expertise in information technology, data quality monitoring (rules ensuring data is complete and accurate), data dictionaries (rules for validating data at capture or during maintenance), and data lineage (flow of data from system-to-system) to provide robust, credible, insightful and constructive oversight and challenge to first line of defence IT stakeholders. The role enables business-facing Operational and Resilience Risk teams to provide tailored expertise to risk owners.

The key accountabilities of the US ORR Data Resilience Senior Manager role include:
  • Risk Management Expert: Experienced risk management specialist in information technology for data security and/or data quality, data simplification, data analytics, commercialisation of data.
  • Risk Taxonomy: Leads the design, socialization, and implementation of the data-related elements of HSBC's Information Technology and Cybersecurity risk and control taxonomy. Ensure robust oversight and credible challenge with clear expectations set with IT and business data Control Owners. Works closely with the first line of defense (including USA Chief Data Officer their respective teams) to agree required outcomes and remediation priorities.
  • Risk Appetite: Monitor US Resilience Risk Appetite and oversee first line of defense reporting to governance committees. Work with US ORR Business and Functions teams to ensure US businesses understand the impact of any Resilience Risk appetite breaches that require changes to controls, resources and business operations.
  • Risk Policy: Provide subject matter expertise and credible challenge on US Resilience Risk policy dispensations and risk acceptances.
  • Change and Event Incident Oversight: Direct guidance, oversight and challenge on key data-related Information Technology and Cybersecurity Risk issues, material internal incidents, external events, and strategic bank change programmes to ensure risks are quantified and appropriate actions are taken.
  • Risk Position and Challenge Papers: Deliver insightful and evidence-based papers pertaining to data-related Information Technology and Cybersecurity Risk positions to US boards, Risk Management Meeting (RMMs), Control Environment Management Meeting (CEMMs), and related forums.
  • Regulatory Awareness: Apply expert guidance on HSBC's adherence to data-related legislation and regulations from government organisations, regulators, and industry organisations.
  • Influencer: Build and maintain relationships with key business and operational stakeholders, serving as a credible challenger regarding HSBC's Information Technology and Cybersecurity Risk treatment.

Impact on the Business
  • Within U.S. scope, provide credible challenge (1) across all data resilience risks, (2) across scenario analysis activities for both capital adequacy and IT risk management purposes, and (3) across data resilience elements of the RCA process and the use of the RR Risk and Control Library
  • Responsible for the review of controls relating to data resilience risks
  • Review of internal and external events for their focus area, to disseminate the insight and learnings applicable to key Products and Services across the business
  • Oversee their focus area of 1LOD IT adoption of Standards, Processes and Procedures required to implement the Policy objectives
  • Maintain on-going visibility of their focus areas' key initiatives and helping to prioritize RR oversight according to IT risk
  • Provide risk opinion, guidance and credible challenge to their focus area on dispensation requests
  • Manage and maintain close oversight on various RR data-related incidents with a view to provide credible challenge that risk and impacts have been handled effectively

Customers / Stakeholders
  • Influence and provide direction to the 1LOD and ORR Business & Functions team to ensure they fulfil own roles and responsibilities and manage data resilience risk according to the Group's frameworks and within stated appetite
  • Build and maintain relationships with external partners, regulators, industry bodies and others to keep up to date with developments
  • Manage relationships with wider ORR team

Leadership & Teamwork
  • Challenge and influence to ensure specialist advice and guidance is understood and followed
  • Work in conjunction with ORR Business & Functions team and the wider RR Specialist team
  • Support diversity and reflect the HSBC brand and organisational values.

Operational Effectiveness & Control
  • Partner with ORR Business & Functions team and 1LOD to identify, measure, mitigate, monitor and report data resilience risks
  • Partner with ORR Business & Functions team regarding Implementation of country Internal Audit and ORR recommendations and directions for the improved use of the Risk Framework related to the specialist area.

Major Challenges
  • Operating with influence and gravitas across all Lines of Defences within Global Businesses/Functions and Legal Entities within USA, in relation to the management and oversight of data resilience risk
  • Providing clear delineation between accountable activities under operational and resilience risk
  • Maintaining a commercial understanding without compromising standards of internal control and organisational risk appetite in a growing and successful business.

Role Context
  • Reporting to Head of Operational and Resilience Risk, Data Resilience, USA, the role holder will maintain close working relationships with the wider ORR team, locally, regionally and globally.
  • HSBC serves the needs of retail, corporate and institutional clients delivering innovative and integrated financial solutions. The Risk function discharges oversight on the management and monitoring of financial and non-financial risk by the businesses and their support functions.
  • The importance of non-financial risk and control has increased in recent years and is now the most influential subject for senior management, boards, and regulators. An organisation's ability for effective identification, measurement and mitigation of non-financial risk will have a significant impact on the achievement of strategic objectives.
  • The role has influence over a wide group of stakeholders and employees across the organisation.

Management of Risk
  • Responsible for ensuring awareness of the ORR risk impact associated with the role and must act in a manner that takes account of ORR risk considerations.

Observation of Internal Controls
  • You will adhere to and be able to demonstrate adherence to HSBC internal control standards. This is achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.


Employment eligibility to work with HSBC in the U.S. is required as the company will not pursue visa sponsorship for these positions
  • Subject matter expertise in one or more resilience technology risk categories (i.e. data security), including understanding of industry best practices, frameworks, and regulatory guidelines
  • Fluid understanding of risk management principles, including experience with policy development, control definition, and application of controls in a business content
  • Ability to serve as trusted advisor and challenger of first line of defense stakeholders
  • Strong written communicator with demonstrated analytic skills
  • 6-10 years experience in related technology role(s)
  • Bachelor's degree and/or professional certificate in related discipline
  • IT, IT security, an/or risk management certifications preferred (including CRISC)

Key Capabilities
  • Providing Expert Advice and Robust Challenge
  • Delivering Risk Steward Policies

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.