
CISO - OBKYC and Customer Due Diligence (CDD) and Servicing, and CIB Middle East
- Sheffield
- Temporary
- Full-time
The CISO – CIB OBKYC/CDD and Servicing is responsible for implementing and enhancing a best-in-class Cybersecurity capability across their assigned Global Business/Global Infrastructure (GBGI) within the Middle East region. This role ensures the secure delivery of Onboarding, KYC, and Customer Due Diligence processes while protecting sensitive customer and institutional data against evolving cyber threats. The role requires strong alignment with Middle East regulatory frameworks (e.g., SAMA, DFSA, CBUAE, QCB) and global standards. The CISO will work closely with senior executives, regulators, and industry bodies to foster a security-first culture, while leading a high-performing Cybersecurity team across a complex, multinational environment.

As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.

In this role you will:
- Drive the execution of the global Cybersecurity strategy within the Middle East GBGI, ensuring compliance with local regulatory requirements (SAMA, CBUAE, DFSA, QFCRA, etc.).
- Oversee Cybersecurity risk governance and reporting to GBGI Boards, Committees, regulators, and senior executives.
- Lead the continuous assessment of cyber threats in the region and adapt controls to address local risk environments.
- Support regulatory inspections, audits, and external assurance reviews, ensuring evidence of control effectiveness.
- Partner with senior stakeholders (CIOs, COOs, CEOs) across the Middle East to embed Cybersecurity into business decision-making.
- Ensure Cybersecurity controls for OBKYC/CDD platforms meet both global standards (NIST, ISO 27001) and regional regulations.
- Lead the Cybersecurity incident response process in the region, coordinating with regulators, legal teams, and executive leadership.
- Build a customer-first Cybersecurity culture, ensuring trust, resilience, and regulatory compliance in customer onboarding and servicing processes.
- Represent the firm in Middle East industry forums and with regulators to influence emerging cyber policies and contribute to shaping industry standards.
- Lead and develop a high-performance cybersecurity team, fostering learning, collaboration, and engagement.
- Participate in relevant governance committees and industry forums to influence standards and regulatory expectations.
- Extensive Cybersecurity leadership experience within large, complex, multinational organisations, preferably in banking/financial services within the Middle East.
- Strong understanding of Middle East regulatory requirements (SAMA Cybersecurity Framework, NCA ECC, CBUAE Information Security Regulations, DFSA cyber rules, etc.).
- Deep expertise in Cybersecurity frameworks (NIST, ISO 27001), incident response, risk management, and control design.
- Proven ability to engage with regional regulators and represent the organisation in inspections and regulatory discussions.
- Exceptional communication and influencing skills; able to translate complex cyber risks into business language for executives and boards.
- Demonstrated success in leading and developing diverse global teams across multiple jurisdictions.
- Entrepreneurial and customer-centric mindset, capable of balancing business priorities with Cybersecurity resilience.
- Nice to have: knowledge of FX and Asset Management business models.