HSBC Group

• Play a key role in the design and maintenance of the Cybersecurity control environment.
• Define and maintain operational controls instances, their measurements as well as Policies, Standards and Procedures for Group Cybersecurity.
• Work with Control Owners, 2LoD and CCO Technology to ensure that the Cybersecurity owned controls in the Risk and Controls Library are designed according to the Bank’s requirements and industry standards and best practices (e.g. NIST 800-53). 
• Support the Control Owners and other stakeholders to ensure that Cybersecurity control measurements are defined in accordance with HSBC’s KCI Design Framework and industry best practices (CIS).
• Work with CTE and CMT teams to ensure that the defined controls are compliant with Legal/Regulatory Mandatory requirements and that measurements provide sufficient data for stakeholder reports.
• Support the NSEC Control Owner with the design, management and maintaining Policies, Standards and Procedures for Cybersecurity controls, covering all areas across Engineering, Operations and Security Assessment and Testing.
• Organisational reporting: The role will report functionally and organisationally into the Cybersecurity Technology and Engineering Governance unit.

• Strong Risk and Controls Background:  Subject matter expertise in Control Management. This includes but is not limited to controls design and implementation and control assessment; Ability to translate IT concepts into business-friendly language. 
• Technical background: Knowledge of Cybersecurity – at least a generalist with specialist area expertise welcome. Well understanding of Network Security Domain will be a plus; Possession of recognised certificates will be an advantage; Understanding of metrics and measures in managing risks and controls (KCIs, KRIs, KPIs) is an advantage; Technical writing skills and highly proficient use of written English is required to ensure quality output for Control, Policies, Procedure and Standards design and maintenance.
• Strong stakeholder engagement and communications skills:  Experience of working at an operational level in international environments which drive a true international perspective; Engaging stakeholders including the NSEC Control Owners, Capability Leads, Cybersecurity Leadership 2LoD and 3LoD Teams. 
• Team-oriented mentality combined with ability to complete tasks independently to a high-quality standard; Experience within fast-moving, complex and demanding corporate environments where Cybersecurity controls issues have to be handled on a large scale and with a need to multi-task whilst dealing with ambiguity and change.
• Interpersonal Skills: Credible and persuasive, active listener, embraces HSBC Values, shows good judgement and demonstrating high level of communication skills in order to achieve effective stakeholder management. 
• Problem-solving skills: Ability to identify and remediate challenges in (governance) processes and must be able to get Capability owners, Controls Owners and Control SMEs to respond to issues.

• Competitive salary
• Annual performance-based bonus
• Additional bonuses for recognition awards
• Multisport card
• Private medical care
• Life insurance
• One-time reimbursement of home office set-up (up to 800 PLN)
• Corporate parties & events
• CSR initiatives
• Financial support with trainings and education
• Nursery discounts
• Social fund
• Flexible working hours 
• Free parking

• Online behavioural test (for external candidates)
• Telephone screen (for external candidates)
• Job interview with the hiring manager