Senior Threat and Controls Assessment Specialist – Cybersecurity

As a Senior Threat and Controls Assessment Specialist – Cybersecurity, you will be working for our client, a leading global financial institution committed to delivering secure and innovative digital banking solutions. You will play a pivotal role within the HSBC Cybersecurity team, focusing on threat modelling and risk assessment for complex banking services, including cloud platforms, to safeguard millions of customers worldwide. This is your chance to contribute to cutting-edge security efforts at an international scale, with opportunities for professional growth and impact. Your main responsibilities: Perform comprehensive threat and control assessments for various services and platforms, including Azure, AWS, and GCP. Collaborate with developers, architects, and technical leads to understand service architectures and identify control gaps. Stay current with industry trends, best practices, and emerging security threats. Guide and mentor less experienced team members, sharing your expertise in cybersecurity. Liaise with global teams to enhance the Threats and Controls Assessment service and methodology. Act as a key point of contact for cybersecurity issues, providing expert advice and insights. Contribute to continuous improvement of security processes and frameworks within the organization. You're ideal for this role if you have: 6+ years of proven experience in the cybersecurity or technology sector. Deep technical knowledge of threat modelling, vulnerability assessment, and security controls. Hands-on experience working with cloud providers such as Azure, AWS, or GCP. Strong understanding of risk and control management frameworks, including STRIDE and MITRE ATT&CK. Industry-recognized cybersecurity certifications (e.g., CISSP, CRISC, CISM, Cloud Security Certifications) are highly desirable. Excellent communication skills in English, with the ability to explain complex risks to technical and non-technical stakeholders. Experience working in large-scale, multi-national, and diverse environments. It is a strong plus if you have: Certifications in cloud security or security architecture. Knowledge of application design and development lifecycle with a security focus. Expertise in network, host, and application security practices. Language Required for the role: Fluent English (both spoken and written).