Job Advert Details
Role Purpose
Lead and enhance cybersecurity across all HSBC entities, ensuring robust risk management, regulatory compliance, and alignment with business objectives. Act as the primary liaison for information security, translating complex concepts into actionable guidance and supporting business growth.
You’ll work closely with business and technology teams to maintain robust risk and control standards, and report to the CTO/ET CISO.
Principal Accountabilities:
- Strategic Leadership: Shape and execute cybersecurity strategy, embedding best practices and aligning initiatives with business goals and risk appetite.
- Stakeholder Engagement: Manage relationships with senior executives, Boards, regulators, and external partners. Communicate security topics clearly to all stakeholders.
- Customer Focus: Promote a customer-centric security culture, leveraging cybersecurity to enhance operations and customer advocacy.
- Continuous Improvement: Regularly review and refine security processes, controls, and technologies, incorporating feedback and industry best practices.
- Risk Management & Compliance: Guide senior management on cybersecurity risk, ensuring compliance with global regulations and standards (e.g., NIST, ISO 27001, GDPR, FCA). Serve as the main contact for audits and assessments.
- AI Security: LLM threat modelling, AI governance, agentic systems, adversarial ML, AI red-teaming, NIST AI RMF, architecture, MCP, API security
- Data: Data environments, governance, DSPM, DLP, privacy engineering, regulation (GDPR/DORA), tokenization, OSS
- Application Security (AppSec): Platform integration, Policy as Code, SAST/DAST/SCA, ASPM, SBOM, OWASP, DevSecOps, threat modelling, SSDLC, API security
- Platform Security: Data/AI/dev platform security, OSS risk, sovereign architecture, SIEM/SOAR/IAM/PAM, zero trust
- Modern Infrastructure Security: Infrastructure security, OSS risk, sovereign architecture, SIEM/SOAR/IAM/PAM, zero trust
- OT Security: Infrastructure security, SCADA, DCS, PLCs, Purdue model, IEC 62443, NIST, IT/OT convergence, risk
- Governance & Reporting: Deliver clear, actionable reports and presentations to Boards and committees, translating technical risks into business intelligence.
- Incident Response: Oversee incident response plans and lead responses to major security incidents.
- Policy & Awareness: Set the tone for cybersecurity practices and contribute to global standards, increasing awareness and risk reduction.
- Team Leadership: Build and mentor a high-performing security team, promoting professional development and staying ahead of emerging threats.
Qualifications
- Technical & Regulatory Experience: Extensive expertise in cybersecurity, technology, and risk management. Skilled in control design, operational processes, incident response, and regulatory engagement. Deep knowledge of security technologies, frameworks (NIST, ISO 27001), and requirements (GDPR, FCA).
- Stakeholder Management: Strong leadership experience in complex, fast-paced environments, managing large-scale cybersecurity issues and engaging with board-level stakeholders and regulators.
- Leadership: Proven track record leading international cybersecurity teams and initiatives, raising standards, enhancing the function’s profile, and driving transformation to world-class performance.
Essential Capabilities:
- Business Insight & Decision Quality: Applies business and market knowledge to make timely, effective decisions.
- Strategic Mindset: Anticipates future trends and translates them into breakthrough strategies.
- Action Oriented: Tackles new opportunities and challenges with urgency, energy, and enthusiasm.
- Builds Effective Teams: Creates strong, diverse teams focused on achieving shared goals.
- Persuasion & Conviction: Uses compelling arguments to gain support and addresses difficult issues directly.
- Manages Ambiguity & Ensures Accountability: Operates effectively amid uncertainty and holds self and others accountable for commitments.
Other Requirements:
- Minimum 5 years’ experience in risk management, cybersecurity, technology audit, or IT roles
- Bachelor’s degree in a technology-related field or equivalent experience
- Professional security certification (e.g., CISSP, CISM, CISA, CRISC)
- Deep knowledge of security frameworks and best practices (ISO/IEC 27001, NIST)
- Proven experience developing and implementing security strategies
- Strong written and verbal communication skills, with the ability to influence senior stakeholders
- Demonstrated leadership of international cybersecurity teams and initiatives
- Proficient in technical disciplines and security/risk methodologies
- Willingness to travel as required
What we offer
Additional car allowance in the amount of 7,663 PLN (monthly, gross).
Variable pay is discretionary, but influenced by Group performance, business/function performance and individual performance.
We offer a comprehensive and competitive package of benefits covering healthcare, family-friendly leave, pension and life assurance, as well as many other benefits to support your wellbeing:
* Additional bonuses for recognition awards
* Multisport card
* Private medical care
* Life insurance
* One-time reimbursement of home office set-up (up to 800 PLN).
* Cafeteria platform
* Employee assistance program
* Additional contributions to PPK scheme
* Corporate parties & events
* CSR initiatives
* Nursery and kindergarten discounts
* Financial support for training and education
* Social fund
* Flexible working hours
* Free parking
If you would like to withdraw from the recruitment process or withdraw an application previously sent to us, please email us at: hr.krakow.pl@hsbc.com.