Head of Infrastructure Security

Big Bank Funding. Fin Tech Thinking.

HSBC’s technology teams collaborate with global businesses and infrastructure functions to design, build and run digital services that allow millions of customers worldwide to bank quickly, simply and securely. We run and manage an enormous technology estate, including data centres and banking systems.

We are looking for a Head of Infrastructure Security to shape our long‑term strategy and turbo‑charge delivery as the accountable owner for Infrastructure Security across the bank. This role ensures secure configuration and protection of operating systems (Unix/Linux, IBMz/i), databases (Oracle, SQL Server, Mongo

DB), cloud assets (containers), middleware (Web Sphere, MQ), virtualization technology (ESX), network fabric (F5s, switches) and end‑user devices (ATMs, VDI, mobile).

• Strategy:
  Define and maintain our global strategy for Infrastructure and Endpoint Security, supported by engineers, platform owners, architects and multiple control owners, enabling business success, meeting regulatory expectation and industry-benchmarked best practice, whilst responding to current and likely threat actor evolution. Includes: security standards as code; continuous platform security assessments, security agent optimisation, and risk-based capability expansion and maturity uplift.
• Delivery:
  Own the investment roadmap for Infrastructure and Endpoint Security and its successful delivery across multiple partners. Enable multiple cyber mandates to be enforced by default. Ensure the transparent prioritisation of a common backlog to drive risk reduction, simplification and address wider strategic needs. Influence, challenge and steer delivery within partner teams across Technology (e.g. Distributed Compute).
• Innovation:
  Empower HSBC to successfully navigate cyber risk with innovative, responsive and frictionless technologies and services, both those delivered in-house and from external partners. Foster and empower a culture of innovation, experimentation, and continuous improvement. Near‑term focus on platformification.
• Partnership:
  Form close partnerships with engineering teams: as design partners – for how capabilities will be implemented and operated, at times in novel ways; as customers – understanding their needs as they consume secure baselines or ope rationalise new platforms, and as delivery partners – prioritising change within Cybersecurity Engineering teams, and to drive bank‑wide adoption of uplifts.
• Services: define, operate and mature secure baseline maintenance and security consulting to platform and infrastructure owners across the bank. Support / implement security changes on certain core platforms. Analysis of signal and event data from endpoint security capabilities, driving continual optimisation and end‑to‑end efficacy against threat activity. Provide security consulting, especially early‑on in the design journey.
• Oversight:
  Ensure Infrastructure and Endpoint Security is robustly managed, end‑to‑end, throughout the organisation: from platform acquisition, service deployment through to federated operation. Drive a data‑centric approach to observability and assessment, supported by automation, measurement and analytics.
• Accountability:
  Ensure regulatory and risk management outcomes are being maintained or robustly managed. Ownership of High‑Risk Audit, Regulator and self‑identified issues. Ownership of the capability budget, balancing run and change investment. As a senior leader, contribute to and champion change across both Cybersecurity and Technology, occasionally outside of your primary remit.
• Talent:
  Lead, manage, invest in, recruit and inspire a team of highly skilled and performing SMEs across the globe. A culture driven by empowerment, experimentation, learning, partnership and delivery. A place where colleagues thrive, solving meaningful problems that keep the bank and its customers safe.

• Proven experience in technology leadership roles, running high performing technology teams.
• Robust understanding of common industry cyber security frameworks, standards, and methodologies, such as CIS and NIST.
• Stro…