Some careers have more impact than others.
If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be.

We are currently seeking an experienced professional to join our team in the role of Head of Crowd-sourced Security Testing

Business: Cybersecurity

Principal responsibilities

The Head of Crowd-sourced Testing leads Bug Bounty activities across HSBC, including the delivery of requirements under the Firm’s cybersecurity controls. They are responsible for ensuring engagement with “the crowd”, ensuring information about all applicable services is available to security researchers, triaging, managing, and communicating findings to internal technology teams, and identifying thematic issues and driving targeted engagement across these areas.

The role includes, but is not limited to:
• Accountable for the delivery of the Bug Bounty to meet the requirements of HSBC’s cybersecurity controls, auditors, and global regulators.
• Responsible for ensuring the crowd is leveraged with well scoped with clearly defined objectives, and delivered on time through an approach that scales and minimises operational risk.
• Responsible for identifying thematic findings in line with threat actor techniques and procedures, and the shifting technology landscape within HSBC, and driving the crowd to target these areas.
• Accountable for the delivery of the change and continuous uplift across crowd-sourced testing.
• Global Control Operator for Crowd-sourced Security Testing under VIAO.3 (Offensive Security) control and protecting the bank’s technology, information, and customers.
• Leadership of a small team to manage operation of the Bug Bounty.