Job Advert Details


Some careers shine brighter than others.
If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Your career opportunity
Our Technology teams work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.

Our multi-disciplined Technology teams include amongst others: DevSecOps engineers, IT architects, front and back-end developers, infrastructure specialists, cybersecurity experts, and delivery, project and programme managers.

Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well-understood, and that controls used to manage such events are defined, assessed and implemented appropriately. Cybersecurity predominantly delivers this via objective, independent, professional and specialized subject matter experts. The role forms part of the 1LoD in relation to the risk management framework.

The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development (inc. DevSecOps), Threat and Controls Assessment (inc. Threat Modelling), Application Security (AppSec)/ Penetration Testing, Third Party Security Review (TPSR) and Red team/ Security Research. The function drives the identification, capture, assessment, testing/ verification and ultimately the remediation of security defects, gaps and vulnerabilities across HSBC’s estate in concert with business and technology teams - on-premise, within the Cloud and for those resulting from 3rd party engagements.

The Vulnerability Response Lead is a key role within the Vulnerability Management Response & Remediation team and the wider Cyber Security Vulnerability Management function. The role will report into the Head of Vulnerability Management Response & Remediation.


What you’ll do
    • Support the remediation efforts of newly discovered vulnerabilities, where the risk score is deemed critical and an immediate risk to HSBC.
    • Monitor external threat feeds and Cyber Intelligence Threat Analysis to identify any newly reported external risks.
    • Manage the documentation of FRTF and ITAG initiatives and provide / identify expert advice & guidance on remediation approaches. Track and report on ITAG and FRTF initiatives, as well as producing closure reports for completed ITAGs and FRTFs.
    • Follow operational processes and ensure that they provide the most streamlined and efficient method of operations, whilst identifying opportunities for improvement. Support thematic reviews to drive systematic uplifts and enhancements to services that help protect the bank. Maintain operational documentation on what reports are available and how / where to access them.
    • Conduct holistic reviews of the overall baseline security posture.
    • Contribute to and inform requests from Regulators, Internal/ External Audit, and 2LOD challenges/ Papers.
    • Support the commentary for routine governance submissions e.g. Cybersecurity Executive Committee Monthly Update, Risk Map, KCIs, KRIs.
    • Support imminent threat review sessions, and deputise for the chair when required.
    • Support the Head of Vulnerability Management Response and Remediation in leading the Vulnerability Management Response Team. Engage with the Global Head of Vulnerability Management, and other relevant team leads to review and gain approval for submissions, to ensure information requests are aligned with the group risk appetite providing the expected responses.

What you need to have to succeed in this role
    • Minimum of 3-5 years’ experience in working in IT Security or similar role. Experience of working in roles within Cyber Security Operations, Risk Management, and Governance, within a mid to large enterprise or equivalent organisation.
    • Ability to understand, apply, and improve elements of the Vulnerability Management Lifecycle and use multiple toolsets to convey information, obtain data, and make it meaningful to future plans.
    • Lateral thinking and creative form to deploy expertise in the uplift of people skills, process identifications, and technological adjustments.
    • Ability to recognise threats and risk, and act with insight to deliver a core part of the Cyber Security Operational model in HSBC. Multiple functions will come together to ensure the safety of the bank and the ability to continue business under any circumstances.
    • Ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
    • Understanding and experience in the practical application and execution of: Vulnerability scanning technologies and their application (e.g. Nessus, SAST/MAST/DAST (Checkmarx, Netsparker, Fortify, IBM AppScan, etc.), Tenable.io, Security Center (or similar Vulnerability Scanning products), risk consolidation platforms); Vulnerability assessments, scoring and ratings and how they are applied; Patch Management; Business and architectural design, including controls analysis, process flows and data flows; Cyber security principles, global financial services business models, regional compliance regulations and laws; MS Excel to interrogate large data sets; SharePoint, Microsoft Teams and Confluence.
    • Excellent organisational, administrative, analytical, and problem-solving skills with the ability to work accurately and methodically whilst under pressure to meet deadlines. Proven track record on delivering activities on time to a high standard.
    • Strong interpersonal skills with the ability to create and maintain relationships - Internal relationships extend to peers across other functions within IT and externally to HSBC global businesses, which include external relationships with vendors, typically audit, legal, and technology where the need arises. High level of integrity and strong ethical values.

What we offer
    • Competitive salary
    • Annual performance-based bonus
    • Additional bonuses for recognition awards
    • Multisport card
    • Private medical care
    • Life insurance
    • One-time reimbursement of home office set-up (up to 800 PLN)
    • Corporate parties & events
    • CSR initiatives
    • Nursery discounts
    • Financial support with trainings and education
    • Social fund
    • Flexible working hours
    • Free parking

If your CV meets our criteria, you should expect the following steps in the recruitment process:
    • Online behavioural test 
    • Telephone screen 
    • Zoom interview with the hiring manager

We are looking to hire as soon as possible so don’t wait and apply now!
You'll achieve more when you join HSBC.

We thank all interested candidates for their applications. We reserve the right to contact only selected candidates.

If you would like to withdraw from the recruitment process or withdraw an application you previously sent to us, please email us at: krakow.recruitment@hsbc.com
Recruiter name
Karol Wrobel
Recruiter email
karol.wrobel@hsbc.com