Role Purpose
The Head of Control Centre is a newly established leadership role created to bring clarity,
consistency, and control to a set of critical operational disciplines that are currently
distributed across the Client Connectivity department. The role exists to consolidate
fragmented activity, eliminate duplication, and establish a single point of accountability for
risk, resilience, cyber, release, and environment management.
In the near term, the Head of Control Centre will be responsible for identifying all individuals
across the department currently performing Control Centre-related work, bringing them into a
unified function, and aligning them around a common operating model and set of standards.
Over time, this role will be the driving force behind a mature, proactive, and continuously
improving control environment.
Key Responsibilities
1. Consolidation & Operating Model
– Conduct a comprehensive review of all Control Centre-related activity currently taking
place across Client Connectivity
– Identify all personnel performing risk, resilience, cyber, and release management
functions, regardless of their current reporting line
– Design and implement a unified Control Centre operating model, eliminating
duplication and establishing clear ownership
– Build a cohesive team culture with shared goals, aligned processes, and a consistent
approach to risk and control
– Act as the single point of escalation for all Control Centre matters across the
department
2. Risk & Control
– Own and maintain the department's risk and control framework, ensuring it is current,
comprehensive, and fit for purpose
INTERNAL
– Drive a proactive risk culture, ensuring issues are identified, logged, assessed, and
remediated in a timely manner
– Lead engagement with internal audit, compliance, and regulatory stakeholders on
behalf of Client Connectivity
– Produce risk reporting for senior management and governance forums
– Ensure all operational processes have appropriate controls in place and are regularly
reviewed
3. Operational Resilience
– Own the department's operational resilience strategy, ensuring critical services are
identified and protected
– Define and maintain impact tolerances in line with regulatory expectations
– Oversee business continuity planning, disaster recovery testing, and incident
management processes
– Ensure the department is prepared for, and can respond effectively to, disruptive
events
– Lead post-incident reviews and drive lessons-learned activity across the team
4. Cyber, Fraud & Surveillance
– Serve as the department's lead for cyber risk management, working closely with
Group Information Security
– Ensure appropriate controls are in place to detect, prevent, and respond to cyber
threats and fraudulent activity
– Oversee surveillance controls relevant to Client Connectivity, ensuring compliance
with applicable policies and regulations
– Champion a security-first mindset across the department
– Represent Client Connectivity in firm-wide cyber and fraud governance forums
5. Release Management
– Establish and maintain clear, real-time visibility of all changes taking place across the
Client Connectivity estate, ensuring nothing goes untracked or ungoverned
– Own the risk assessment framework for changes, ensuring every release is
evaluated consistently and that risk is understood and accepted before deployment
to production
– Work with delivery teams to drive up release cadence by encouraging smaller, safer,
low-risk, non-breaking changes — moving away from large, infrequent releases
towards a more controlled and continuous flow of change
– Champion engineering practices that make frequent releases achievable — including
feature flags, backward-compatible changes, and robust automated testing — in
partnership with engineering leads
– Track and report on release quality metrics, including change-related incidents,
rollback rates, and post-implementation review outcomes
– Act as the escalation point for release-related risk decisions, providing clear guidance
to teams on when changes are ready to proceed and when they are not
6. Engineering Lens & AI-Driven Efficiency
INTERNAL
– Apply an engineering mindset across all four Control Centre disciplines, challenging
manual and repetitive processes and seeking opportunities to automate, streamline,
and simplify
– Identify and prioritise use cases where AI and machine learning tooling can
meaningfully reduce effort, improve accuracy, or enhance the speed of decisionmaking within risk, resilience, cyber, and release management
– Work with engineering and data teams to prototype, test, and embed AI-driven
tooling into Control Centre workflows
– Establish a continuous improvement culture within the team, where efficiency
opportunities are regularly surfaced and acted upon
– Ensure that automation and AI adoption is done responsibly — with appropriate
controls, auditability, and governance in place
– Track and report on efficiency gains delivered through engineering and AI initiatives,
demonstrating measurable impact over time
Skills & Experience
Essential
– Empathy with the software engineering discipline.
– Significant experience in a senior technology risk, control, or operational resilience
role within financial services
– Strong understanding of risk and control frameworks, with proven experience
designing and implementing them at scale
– Demonstrable experience across two or more of: cyber/fraud, release management,
or operational resilience
– Appetite and ability to apply an engineering lens to operational problems —
comfortable working with engineers and data teams to identify and deliver
automation and AI-driven improvements
– Track record of leading and motivating cross-functional teams, ideally within a large,
matrixed organisation
– Excellent stakeholder management skills, with the ability to engage credibly at senior
and executive level
– Strong analytical and problem-solving skills, with the ability to make decisions in
ambiguous or complex environments
– Experience managing regulatory relationships and preparing material for governance
forums
Desirable
– Experience in investment banking or financial markets technology
– Familiarity with HSBC's risk and control framework, operational resilience standards,
or technology governance processes
– Knowledge of relevant regulatory requirements (e.g. DORA, PRA operational
resilience policy, FCA expectations)
– Industry certifications such as CISM, CRISC, ITIL, or equivalent
INTERNAL
Leadership & Behaviours
The successful candidate will demonstrate the following behaviours:
– Collaborative — builds strong relationships across the department and broader
organisation to drive shared outcomes
– Decisive — comfortable making sound judgements with imperfect information and
taking accountability for decisions
– Inclusive — creates an environment where all team members can contribute,
develop, and thrive
– Forward-thinking — anticipates risks and opportunities before they materialise, rather
than simply reacting to events
– Clear communicator — able to translate complex risk and technical concepts into
clear, actionable language for all audiences
What Success Looks Like
In the first six months, the Head of Control Centre will be expected to:
– Have mapped all Control Centre-related activity and personnel across Client
Connectivity
– Have established a clear target operating model for the Control Centre function
– Have begun the process of aligning the team around common standards, processes,
and ways of working
– Have built strong relationships with key stakeholders across the department and with
second-line functions
– Have delivered an initial assessment of the department's risk and control posture
In the first twelve months, the Head of Control Centre will be expected to:
– Have a fully operational and cohesive Control Centre function in place
– Have eliminated material duplication of effort across the five Control Centre
disciplines
– Have implemented consistent, documented processes and controls across all areas
of remit
– Have identified and begun delivering a pipeline of AI and automation opportunities
across the Control Centre remit
– Have achieved measurable improvements in the department's risk profile and
resilience posture
– Have established the Control Centre as a trusted and valued partner across Client
Connectivity
hackajob is partnering with HSBC to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.
Upskill
Level up the hackajob way. Verify your skills, learn brand new ones and test your ability with Pathways, our learning and development platform.
Find out more