• Define, design, evaluate and maintain the CMB Business Cybersecurity architecture
• Drive the implementation of secure design through guidance and assurance.
• Measure adherence to the security architecture within CMB to drive progress.
• Security product/service selection & implementation with associated processes and controls
• Delivery of solutions architecture consulting.
• The role will be hands-on and cuts across all the CMB IT teams and Architecture disciplines: Application, Solution, Technical, Information and Enterprise.
• Principal Accountabilities: Key activities and decision making areas
• Impact on the Business
• Champion the development and implementation of CMB’s target state Security Architecture.
• Govern the introduction of new security techniques, products, services, technologies and standards where needed against identified use cases and taking into account commercial.
• Have a holistic knowledge of CMB’s most critical business systems
• Stay abreast of technology trends and advise IT and the business about potential benefits/impacts.
• Propose innovative architectural solutions to address security capability and control gaps
• Plan strategic roadmaps and position the Business to provide new customer services secured by the latest security capabilities
• Own CMB related security patterns for all layers of the stack (from network fabric, to hardware and OS) as well as service models (IaaS, PaaS, Saas), and ensure alignment with security policies and standards
• Customers / Stakeholders / 3rd Parties
• Work closely with CMB Architects, Solution Designers, Enterprise Security Architecture and Cybersecurity Assessment. (CSAT).
• Work with stakeholders to communicate, educate and influence key security controls and strategic direction
• Participate in continual improvement of CyberSecurity by investigating new security processes, technologies, and tools, and regular communication of related information.
• Leadership & Teamwork
• Evangelize the benefits of security architecture, accepted best practice techniques, standards and tools to CMB
• Develop and evolve security best practice within CMB
• Drive target state security architecture execution in collaboration with stakeholders
• Lead security information sharing across CMB
• Operational Effectiveness & Control
• Manage security architecture reviews through Technical Design Authority (TDA) and Solutions Architecture Board (SAB) ensuring peer review of all projects
• Ensure that any new services/projects are taken through the Technology Design Authority (TDA)
• Drive usage and creation of security patterns/ services
• Ensure compliance with all relevant internal instructions (FIMs, GSMs, circulars) and external regulatory requirements, including the management of operational risk and adherence to the Group’s standards of ethical behaviour
• Major Challenges:
• Understand Commercial Banking strategy and drive the IT Security target state architecture to ensure IT’s current and future capabilities satisfy these business needs. Influences IT stakeholders to ensure that the necessary investments are made to deliver required security services/capabilities. Initiates improvement in services, products and systems.
• Leads development and communication of Commercial Banking’s Cybersecurity Assurance. Ensure CMB’s governance framework provides clear decision-making on security. Promotes security policies, practices and decisions that recognise the current and evolving needs of all the stakeholders.
• Provision of security consultancy services. Takes full responsibility for the balance between non-functional, service quality and systems management requirements.
• Drives security design activities, promoting the discipline to ensure consistency. Ensure appropriate adherence to HSBC standards.
• Coordinates the identification and assessment of the security impact of emerging technologies & innovation.
• Ensures projects/ systems are reviewed for compliance with HSBC’s security standards, policies and target state architecture strategy. Ensures that any identified security risks are highlighted appropriately.

• Bachelor’s degree in Computer Science, Cyber Security or a related field
• At least 7+ years of relevant IT experience, including exposure to design, engineering, implementation and operations (3-5 of those years to be devoted specifically to security)
• Experience of performing security design reviews, ideally including threat assessment / threat modelling
• Ability to provide direction and guidance on security architectural use cases and requirements.
• Familiarity with Industry Standard Security Frameworks such as NIST Cybersecurity Framework, ISO 27001/27002, ITIL, COBIT. IT or cloud related security qualifications desirable.
• Experience in defining future architectural strategy and roadmaps
• Experience with role-based authorization methodologies, authentication technologies and security attack pathologies
• In-depth knowledge of key IT domains particularly computing platforms (Windows, UNIX and Linux) and networking technologies
• Knowledge and experience with perimeter security controls such as firewall, IDS/IPS, network access control, and network segmentation
• Proficient in security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies Security Architectural experience working in complex organizations.
• Comfortable working with ambiguity and conducting research as well as managing third party vendor(s).
• Ability to write position papers on highly complex topics for a business audience to assist in decision making
• Experience building reference security architectures and adapting them for business use cases.
• Understanding of Cloud service models (IaaS, PaaS, SaaS), and supporting technologies.
• Experience with any of the industry Cloud technologies such as Amazon Web Service, Azure, Google Cloud, etc., as well as virtualization technologies (VMWare, MVS, xEN, Virtual Box, etc...)
• Familiarity with deploying and securing container technology, VM Ware ESXi, and OpenStack is desirable
• Understanding of network technologies including SDN, routing (including VRFs), and enterprise network designs.
• Knowledge of third party auditing and cloud risk assessment methodologies

上班地址：西安市高新区云水一路3639号F1楼