Nottingham, United Kingdom
2021 - current
Head of Technology Governance and Reporting at HSBC
As Head of Technology Governance, I oversee and manage a Technology estate of more than 1,500 applications, services, systems, platforms and infrastructure, serving several lines of business/value streams (Retail and commercial banking, core banking, digital channels, markets and securities and capital markets) and group functions (like Cybersecurity, CTO, Risk, Third Party and Cloud). My management, oversight and Governance broadly fall into the categories listed below:
1) Technology Risk Management - Manage the governance of the bank's three main Technology risks: Resilience risk (disruption to business services due to error or accident), Cyber risk (disruption to business due to internal or external malicious actors/activity) and Data risk. I work to ensure that the three risks above are within the bank's risk appetite by leading our quarterly risk and controls assessments (RCAs), which assess the inherent risk, take account of our IT controls and then evaluate the outstanding residual risk. Our technology controls include things like vulnerability management, Identity & Access Management (IAM), Data security, Software Development LifeCycle (SDLC), Deployment Management, Change Management, Patch Management, Data management/Usage/Utility/movement/storage, Incident Management and more.
2) Cybersecurity/Information Security - I am the Cybersecurity lead for the Wealth & Personal Banking division of HSBC UK and as such I work with the Group Cybersecurity division to deliver and implement the bank's Cybersecurity solutions, platforms and tools into WPB UK. I am also the central point of contact and lead in the event of a significant Cyber breach such as a zero vulnerability such as Log4j. As alluded to in the first section, I also manage our Cybersecurity controls such as vulnerability management, Cryptography controls, IAM (MFA - multifactor authentication, privileged access controls, Segregation of duties (SOX)), Network security. I also work to ensure that my line of business adheres and aligns to our group's Information security policy as well as globally recognised Cybersecurity frameworks like NIST, COBIT and the ISO27000 suite.
3) Cloud - I am responsible for the oversight and monitoring of all our Cloud migration projects, as most of our applications, services and systems are being shifted from on-premise to public and private Cloud owned by a variety of Cloud service providers and Managed Service Providers (MSPs) like AWS, Microsoft Azure and Google Cloud Platform (GCP). In addition, I am also responsible for the Governance, remediation and reporting of Cloud Security issues linked to breaches or unauthorised access (P1 & P2 violations).
4) Third Party Vendor Management - As part of the UK IT exco, I evaluate, assess and purchase third party products, solutions and platforms for delivery into our business and integration into our existing IT estate and architecture. We have standardised group vendor selection criteria which we use to conduct these assessments and purchases.
5) Portfolio Project Management
6) Service Sustainability and Evergreening of legacy services.
7) Incident management and response.
8) Regulatory compliance - Key regulatory frameworks include the UK's Operational Resilience (PRA), NIS2 (EU) and more recently DORA (Digital Operational Resilience Act covering the financial services industry in the EU and their third party providers).