Job description
Some careers grow faster than others.
If you’re looking for a career that will give you plenty of opportunities to develop, join HSBC and your future will be rich with potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
Global Risk is a thriving and expert risk management function supporting HSBC globally with all aspects of risk management. The team actively manages a varied and dynamic range of risk types, including security, fraud, information security, contingency, geopolitical, operational, credit, pension, insurance, market and reputation risks. All parts of the Global Risk team use their skills, insight and integrity to handle established threats and those they see emerging, acting to protect and enable HSBC to deliver sustainable growth.
We are currently seeking a high calibre professional to join our team as a Senior Manager, DPO and Data Risk.
Principal Responsibilities
Global Enterprise Risk Management (ERM) is a sub function of Group Risk and Compliance. The ERM function will support the integration of our Group Framework and Appetite Management, and have broad oversight of the Risk Taxonomy. While the core risks of the bank remain consistent compared to a few years ago, the way in which they manifest, the speed to crystallisation and the connection points between them have become increasingly complex. It is therefore essential that we are equipped with the knowledge to navigate the dynamic and interconnected risk landscape of today. The objective of enterprise risk management is to develop a holistic, portfolio view of the most significant risks to the achievement of the Group’s most important objectives.
Data Privacy Officers (DPOs) are responsible for ensuring HSBC meets its obligations under data protection and privacy laws within their particular jurisdiction. They provide expert advice, guidance and direction and support the necessary standards and controls to enable the Bank, including its employees and relevant third parties, to manage privacy risks and comply with obligations under data protection laws in relation to the processing of personal data. To establish a culture of privacy within HSBC, the DPO will need to work collaboratively with key senior stakeholders across the business and will be accountable for keeping executives apprised of privacy risks and issues.
The Senior Manager, DPO and Data Risk, is responsible for supporting and delivering the above responsibilities, with more detail provided below.
DPO
- Informing and advising the business and its employees of their data privacy and protection compliance obligations
- Providing expert guidance, oversight and challenge on all aspects of data protection and privacy risk strategy and compliance, focusing efforts on areas that present higher data privacy risks
- Monitoring compliance with data privacy provisions and with HSBC Group policies relating to the protection of personal data, including the assignment of responsibilities, staff education and awareness training, and ensuring remediation of any related audit findings
- Reviewing and advising on Data Protection Impact Assessments (DPIAs) and monitoring performance of mitigations, where necessary
- Cooperating with the regulatory authority
- Acting as the contact point internally and externally with data subjects and the regulatory authority
- Advising on, and providing the business with support, to ensure the necessary safeguards and controls are in place to ensure compliance with requirements for international data transfers by identifying all circumstances in which personal data is transferred outside of the relevant jurisdiction
- Provide incident management advice and/or support as needed and ensure that data incidents and breaches are responded to and managed effectively with data subjects and that the relevant authorities are informed within necessary timeframes
Data Risk
- Provide technical data risk advice and support to the Singapore ERM Business & Functions coverage team to ensure they understand and are aware of the control environment and assessment of risk within the country commensurate with the scale and nature of operations
- Support the ERM Business & Functions coverage team to explain in non-technical terms the impact of issues or events, and top and emerging risks that may require changes (for example, to controls, resources or business operations) to remain within respective Risk Appetite. Support the ERM Business & Functions coverage team to ensure Risk and Control Owners have a clear understanding of the effectiveness of the current control environment
- Monitor the local external environment to get early sight of emerging data risks and provide detailed guidance on controls required to mitigate against them. Build and maintain relevant cross-organisation and industry relationships
- Deliver tailored and specific expertise, as well as review and challenge, across Singapore enabling 1LOD to successfully deploy and operate mitigating key controls
- Provide technical guidance to support development and completion of Enterprise Risk and Regulatory reporting obligations (e.g. RAS, Top & Emerging Risks, Risk Profile Reporting, RMM, Board reporting where relevant, etc.)
- Ensure the root causes of relevant local data risk issues and events are fully understood and correctly treated
- Ensure any concerns with key controls and material change programmes, relevant to data risk, are understood and escalated (i.e. within country, to region and/or global peers) as needed
- Work in conjunction with the ERM Business & Functions coverage team and 1LOD to escalate any data risk matters
- Lead Singapore regulator and audit engagement pertaining to data risk; ensure regulatory compliance for the specialist area/s and timely completion of Audit actions and findings
Emerging Risks & Change Oversight:
- Ensuring critical issues, events and incidents both in key controls and material change programmes are managed and understood by and escalated to appropriate governance forums for appropriate and timely resolution
- Educating stakeholders to understand the impact of emerging risks that require changes to controls, resources and business operations to ensure they remain within appetite
- Ensuring that Data Risk related initiatives are not adversely affected as a result of poor planning, testing and approach during the delivery of significant change
Conduct Impacts:
- Overseeing, escalating and providing guidance on the identification of conduct impacts across Data related risks and activities owned by the 1LOD, including where control weaknesses and risk events impact the delivery of good outcomes
Requirements
- Strong leader with the ability to influence at the senior levels of the organisation
- Strong level of DPO and Data risk management knowledge and relevant deep experience
- Strong level of business knowledge and experience of working in the key resilience risk specialist areas
- Ability to communicate effectively, build strong relationships and influence senior internal and external stakeholders
- Comprehensive knowledge of the external environment (threat, regulatory, geopolitical, competitor, technological landscapes)
- Comprehensive knowledge of the internal control environment
- A BA or BS University Degree, plus a professional certificate in one or more RR specialist disciplines, an advantage
Key Capabilities
- Providing Expert Advice and Robust Challenge
- Delivering Risk Steward Policies
- Oversee, Review, and Challenge Risks and Controls
- Understanding and Applying Risk Management in Context
You’ll achieve more when you join HSBC.
www.hsbc.com/careers
HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.
Issued by The Hongkong and Shanghai Banking Corporation Limited.