Job was saved successfully.
Job was removed from Saved Jobs.

Job Details


Wholesale IT Risk and Control Analyst (0000HC0U_Arlington_Heights)

Business and Financial Operations




Arlington Heights, Illinois, United States

Job description

At HSBC, the health and well-being of our employees remains of utmost importance. Many of our roles are permitted to work from home (in states in which HSBC is licensed to operate) until further notice. Upon resumption of normal operations, this role may be performed at our Jersey City, New Jersey, New York City, New York, Buffalo, New York or Arlington Heights, Illinois office.

Work with all levels of the organization to understand, challenge, monitor, report and properly communicate the IT risk position for US Wholesale IT (WSIT). This includes having a detailed understanding of the risk and control framework, the inputs, control points, measurements and systems used. Work with the US WSIT Development teams guide, monitor and have regular evaluation of control effectiveness for applications squarely owned by US WSIT. The US Wholesale business are also consumers of many globally owned applications which will be the responsibility of this role to understand and communicate control effectiveness for as it relates to risk for the US. The successful candidate should have excellent communication skills, basic knowledge of technology used by the bank, be able to influence teammates, enjoy attention to detail and data.

  • Lead the delivery of risk & control projects and programs for US WSIT.
  • Own the risk & control agenda for US WSIT.
  • Assist service owners in responding appropriately and effectively to firm-wide risk, cyber and corporate control initiatives.
  • Partner with service owners and Asset Class head to identify and assess controls, determine mitigating actions and remediation activities, and understand the overall risk profile.
  • Partner with regional Risk & Control Officers (RCOs) to ensure regional requirements are considered.
  • Advocate and support initiatives to improve accuracy across all Enterprise Golden Source data repositories.
  • Provide technical knowledge to support secure development of applications and remediation programs.
  • Provide visibility of status of action plans and external/internal audit issues
  • Coordinate response to Internal Control Monitoring Plan (ICMP) testing
  • Drive ownership and accountability for Risk Issue and Action Plan Ownership within US WSIT
  • Challenge where appropriate, decisions made on control implementation.
  • Review allocation of issues to asset classes and agree categorization of high/medium/low.
  • Approve the raising and closure of issues, action plans, but look to automate process.
  • Fulfill Department Level Business Information Risk Officer (DBIRO) responsibilities for US WSIT.
  • Advocate security policies and standards to the US WSIT value streams.
  • Integrate into the development process, attending scrums and owning security use cases and stories.