HSBC
CISO, UK Commercial Banking - 12 month secondment

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Ready to shape cybersecurity for UK Commercial Banking at HSBC?
Why HSBC
HSBC is one of the largest banking and financial services organisations in the world. Guided by our purpose of opening up a world of opportunity, our ambition is to become the world’s most trusted bank globally, putting customers at the heart of everything we do.
The Role
As Chief Information Security Officer for HSBC UK Commercial Banking (CMB) you’ll set and deliver the cybersecurity strategy across UK CMB entities, aligning protection with business goals and risk appetite. This role is central to strong risk management and regulatory compliance across frameworks and regulations including NIST, ISO 27001, GDPR and FCA expectations. You’ll partner closely with business and technology teams to maintain robust risk and control standards and to keep the cyber team engineering-led in its approach. You’ll act as the primary liaison for information security, turning complex topics into clear decisions and actionable guidance for executives, Boards and regulators. Success means continuously improving controls, processes and security technologies while providing clear board-level reporting and strong outcomes during incidents. The role reports to the UK CISO supporting the UK CMB CIO and UK CMB Business team.
What you'll be doing
- Set and deliver the UK CMB cybersecurity strategy aligned to business goals and risk appetite
- Own cybersecurity risk management, governance and regulatory compliance across NIST, ISO 27001, GDPR and FCA expectations
- Oversee audits and assessments and provide clear board-level reporting on security posture and risk
- Strengthen controls, processes and security technologies with a focus on continuous improvement
- Partner with business and technology teams to maintain robust risk and control standards across the organisation
- Direct major incident response and coordinate stakeholder engagement through high-impact events
- Engage executives, Boards regulators and external bodies including HMT on cybersecurity topics and obligations
- Build and develop a high-performing cybersecurity team and contribute to global security policy and awareness
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
What we're looking for
- Bring substantial hands-on engineering experience designing and implementing security controls and tooling including knowledge of AI
- Demonstrate deep expertise in cybersecurity, technology and risk management within regulated environments
- Apply strong knowledge of security technologies, frameworks and controls including NIST and ISO/IEC 27001
- Apply strong understanding of regulatory requirements including GDPR and FCA expectations
- Show established experience engaging board-level stakeholders and regulators with clear, actionable communication
- Demonstrate proven experience directing major incident response and managing large-scale cybersecurity issues
- Bring experience developing and implementing security strategy and raising standards across international teams and initiatives
- Hold CISSP, CISM, CISA, CRISC or equivalent certification, or bring equivalent demonstrable experience
- Travel as required


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Advancing Cyber Risk and Assurance
This is a pivotal role protecting a major part of HSBC’s UK business and supporting secure growth for our Commercial Banking customers. You’ll set direction across strategy, governance and incident readiness while keeping controls and engineering practices strong and practical. The work spans executive and regulator engagement as well as hands-on influence over how security is designed and implemented. If you’re ready to shape outcomes that matter across UK CMB we’d welcome your application.
Being open to different points of view is important for our business and the communities we serve. At HSBC, we’re dedicated to creating diverse and inclusive workplaces - no matter their gender, ethnicity, disability, religion, sexual orientation, socio-economic background or age.
We are committed to removing barriers and ensuring careers at HSBC are inclusive and accessible for everyone to be at their best. We take pride in being a Disability Confident Leader and will offer an interview to people with disabilities, long term conditions or neurodivergent candidates who meet the minimum criteria for the role.
If you have a need that requires accommodations or changes during the recruitment process, please contact the Recruiter.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills