Senior Control Manager - MENAT- GCIO

The GCIO Chief Control Office (CCO) team plays an important role in enabling the bank to operate within its risk appetite by ensuring efficient and effective risk and control management. We do this by providing operational risk and control expertise, specialist technical knowledge and a deep understanding of the businesses and functions we serve.

Key activities include implementation and oversight of the Group’s Risk Management Framework, ongoing and targeted controls assessments, implementing and maintaining robust risk governance, and championing a proactive risk culture. GCIO CCO works closely with partners across all lines of defence and is responsible for maintaining positive relationships with our regulators and external partners.

The Role

In this role you will be required topartner with GCIO CCO function to oversee the risk and control portfolio related to the services CCO Asia and Middle East provides to and/or consumes from the Group.

You will be a leader within the GCIO Chief Control Office (GCIO CCO) Function that directly supporting the UAE/MENAT, however may also be required to support other markets where if required.

This Will Be Achieved By

• Acting as trusted advisor for senior management by partnering to manage their operational risk i.e., risk assessments, control environment, issues management, audits.
• Promoting accountable risk and control decision-making based on quality data and analysis, actively challenging poor, inefficient or excessive controls, related tasks and behaviours.
• Providing specialist risk and control knowledge and insights, leading efforts to continuously improve the control environment and monitoring of risk, including behaviours
• Advising and designing process and controls in a commercially viable, practical and effective manner.
• Identifying trends to anticipate future developments in the risk and control environment.
• Influencing and shaping the development and implementation of future-fit risk management and regulatory frameworks.
• Providing Senior Management with updates on any relevant changes to policy or projects related to operational risk that have an impact on their area of responsibility.
  
  

• Facing off to senior management and managing respective portfolios. Responsible for embedding risk and control management framework, including control monitoring and assurance
• Managing stakeholders across multi-faceted geographies, businesses and functions.
• Presenting and reporting complex risk and control information in ways that are meaningful for different stakeholders
• Applying professional understanding, expertise and judgement to oversee the health of the end-to-end control environment
• Leveraging opportunities to implement more automated, effective and cost-efficient controls and measures of effectiveness
• Providing advice, support and challenge to stakeholders to help them understand and manage controls and risks effectively
  
  

• Analyzing and interpreting risk and control related information to provide insight and improvement with clear and measurable outcomes.
• Delivering clear, concise and consumable messages based on good evidence and informed judgement that support risk and control related decision making
• Monitoring and analysing the performance of the control environment to drive more effective design and operation of controls
  
  

• Support CCO operating model, service catalogue, procedures, and toolkits
• Constructive challenge on control environment and assessment of risk across GCIO
• Ensuring lessons learnt in one line of business/impacting incident are properly understood for all GCIO with associated actions implemented in a timely manner
• Embed risk culture and change delivery capability across the GCIO CCO function
  
  

• Interpret, implement, and monitor compliance with local Regulator(s) within the markets and industry standards across Cyber and Technology.
• Participate in regulatory inspections and audits, providing necessary documentation and explanations.
  
  

• Lead by example, demonstrating core behaviors and values including teamwork, focus, drive and determination.
• Act in a manner that transparently promotes the organization’s values and delivers in an aligned manner.
• Cultivate an environment that supports diversity and reflects the HSBC brand
• Models open communication and collaboration across the team and with stakeholders
• Understanding and energizing others to attain individual and team outcomes and performance targets
• Successfully delivering change through people initiatives
  
  

• Minimum of 10 years’ practical experience in Technology Risk Management, IT Audit, Information Security, or IT Compliance within the financial services sector.
• Comprehensive understanding of IT general controls (ITGC), application controls, and infrastructure security is required.
• Demonstrable expertise in at least one regional technology regulation—such as DFSA, CB UAE, Banking Regulation and Supervision Agency, or Saudi Central Bank—will be highly advantageous.
• Proficiency with leading technology standards and frameworks (e.g., NIST Cybersecurity Framework, COBIT, ITIL) is essential.
• Proven track record in problem identification and resolution, with the ability to address issues impacting both individual and organisational performance.
• Excellent stakeholder management and communication skills, with the ability to influence and constructively challenge at all levels.
• Strong written, verbal, and presentation abilities, particularly in preparing materials for board-level review.
• Adaptable and resilient, capable of managing and prioritising multiple competing demands in a dynamic environment.
• Active, industry-recognised certifications (such as CISA, CISSP, CRISC, CCSP) are considered a significant asset.
• Bachlors Degree is required to obtain UAE work permit.