Data Risk Specialist

Opening Up a World of Opportunity at HSBC

At HSBC, our purpose is to Open up a World of Opportunity. We leverage our unique expertise, capabilities, global breadth, and diverse perspectives to create opportunities for our customers and colleagues through global connectivity. We unite people, ideas, and capital to foster progress and growth, contributing to a better world for our customers, people, investors, communities, and the planet we all share.

As an HSBC employee in Australia, you will gain access to tailored professional development opportunities, competitive remuneration, an embedded flexible working culture, and a comprehensive range of employee benefits. These include market-leading subsidised private health cover, enhanced parental pay and support for returning to work, subsidised banking products and services, bonus leave days, and wellness programs, including discounted gym memberships.

HSBC serves the needs of retail, corporate, and institutional clients by delivering innovative and integrated financial solutions. Enterprise Risk Management (ERM), a sub-function of HSBC’s Group Risk, ensures HSBC understands and controls its non-financial risk position. Risk Specialists provide expert advice across specific risk types: Technology (including Cyber) Risk, Data, Privacy, and Information Security Risk. In-country risk specialists also operate within a regional specialist community. The Data Risk Specialist will maintain close working relationships with the wider ERM team, locally, regionally, and globally.

Key Responsibilities of a Data Risk Specialist

• Provide technical advice and support to the ERM team, collaborating with the first line of defence on evolving data privacy regulations, effective management of data risk, and Technology & Cyber Risk.
• Support the ERM Business & Functions teams to ensure the effectiveness of current controls, develop and implement non-financial risk frameworks, and clearly explain the impact of issues and events.
• Monitor the local external environment to identify emerging risks early, provide detailed guidance on necessary controls to mitigate them, and ensure local operational issues and events are fully understood and addressed.
• Manage stakeholders effectively by building and maintaining relevant organisational and industry relationships.
• Deliver tailored and specific expertise across Australia, enabling the first line of defence to successfully deploy and operate key mitigating controls.
• Provide technical guidance to support the development and completion of Enterprise Risk and Regulatory reporting obligations (e.g., RAS, Top & Emerging Risks, Risk Profile Reporting, RMM, Board reporting where relevant, etc.).
• Assist with Australia regulator and audit engagement pertaining to relevant risk types.

Requirements

• Exceptional business knowledge and experience in Data, Privacy, Technology & Cyber Risk.
• High level of risk management knowledge and relevant experience.
• Comprehensive understanding of the internal control environment within the banking or financial sector.
• A Bachelor's degree in a related field.
• Professional certificate in one or more Risk Resilience specialist disciplines.

Highly Regarded Qualifications

• Professional qualifications such as HKMA Enhanced Competency Framework on Cybersecurity, Information Systems Audit and Control Association (ISACA) certification, or an equivalent qualification from a recognised professional body.

Preference will be given to candidates who hold Australian PR/Citizenship or New Zealand Citizenship, or who can demonstrate current unrestricted work rights in Australia without limitations.

At HSBC, we value different perspectives, succeed together through collaboration across boundaries, and take responsibility, holding ourselves accountable to get things done. Through these values, HSBC is committed to building a culture where all employees are appreciated and respected and where opinions count. We pride ourselves on providing a workplace that fosters continuous professional development, flexible working, and opportunities to grow in an inclusive environment. Applications from First Nations peoples are encouraged.

Key skills/competency

• Data Risk Management
• Privacy Regulations
• Cyber Security
• Technology Risk
• Information Security
• Enterprise Risk Management
• Regulatory Compliance
• Internal Controls
• Stakeholder Engagement
• Audit Liaison