HSBC Service Delivery (Polska) Sp. z o.o.
Employment contract
Offer expires on:
(Cybersecurity Operations) CRQ Controls Manager
HSBC Service Delivery (Polska) Sp. z o.o. is a member of the HSBC Group, one of the largest banking and financial services organizations in the world. Together with a wide range of branches all over the world, HSBC provides a comprehensive range of financial services to around 100 million customers. We are looking for candidates for the position of:
(Cybersecurity Operations) CRQ Controls Manager
Location: Kraków Ref No: HTP/Cybersecurity/CRQCM/09/2019
Cybersecurity Control Management is a new sub-function of Cybersecurity Governance, Risk and Compliance. The role-holder will have an opportunity to shape and grow the team. The role itself will evolve together with the strategy for control management in Cybersecurity. The nature of the team is global and the successful candidates will engage with global stakeholders on a daily basis. The team is responsible for 2 key areas:
1) Control Management - global management of risk and controls governance for all global Control owners across Cybersecurity Technology, Operations and testing. End to end control lifecycle management, from design, through performance monitoring, to executive reporting
2) Cyber Risk Quantification (CRQ) – operating and continuously improving an innovative, mathematical model used to quantify the impact of improving maturity of our controls on cyber risk exposure reduction, and likelihood of a cyber-attack being successful.
Following extensive investment across our Technology and Cybersecurity domains and with plans for continued expansion throughout 2019 and beyond, we are currently seeking two experienced Cybersecurity Risk Quantification (CRQ) Controls Managers to join HSBC Technology, Cybersecurity.
- Support the Head of Control Management in implementing risk quantification strategy for Cybersecurity
- Work with a wide range of stakeholders in Cybersecurity and other Technology Functions to define and create a mechanism for the ingestion and use of cyber threats and management information in the CRQ model
- Lead selected work streams improving the overall Cybersecurity Control Management maturity and effectiveness
- Take part in creating overall Cybersecurity Controls design strategy;
- Participate in and co-ordinate assessments of external events to understand their potential impact on HSBC;
- Work with the Control Owners, 2LOD, Audit and CCO Technology to ensure that the Cyber Security owned controls in the Risk and Controls Library are assessed for control effectiveness and there are documented remediation plans to address control deficiencies/gaps.
- Work with Control Owners to create a framework for maturity assessments and review maturity scores (current and future goals) and the evidence required to confirm them.
- Review and maintain the repository of HSBC controls allocation to the NIST FSS framework.
- Support Control Owners in tracking activities related to Cybersecurity Maturity Improvement Programme (CSMIP) and BAU, improving overall control effectiveness
- Strong Risk and Controls Background
- Experience with working with metrics and numerical data
- Control Management and Assessment experience
- Cybersecurity background
- Understanding of the National Institute of Standards and Technology (NIST) framework would be beneficial
- MITRE ATT&CK framework knowledge would be a big advantage
- Ability to translate difficult IT concepts into business-friendly language
- Strong stakeholder management and communications skills
- Previous programme management experience would be beneficial but is not key for this role
- Team-oriented mentality combined with ability to complete tasks independently to a high quality standard
- Contact with top IT technologies available in the market.
- Employees’ benefits: Multisport Card, private medical and dental health care, life insurance,
- Free parking space for our employees – a few minutes from the office,
- Internal training events and workshops,
- Realistic career progression opportunities in an international organization,
- Casual dress code,
- Cultural exchange.
You'll achieve more when you join HSBC. We thank all interested candidates for their applications. We reserve the right to contact only selected candidates.
Applications sent to us will be taken into consideration only if they include the following statement:
“I hereby declare that I have familiarized myself with the Privacy Statement for Applicants published at http://www.about.hsbc.pl/careers and I hereby give consent for personal data included in my application to be processed for the purposes of recruitment in HSBC Service Delivery (Polska) Sp. z o. o. according to rules described in the Privacy Statement for Applicants, as per the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).”
If you would like to withdraw from the recruitment process or withdraw an application previously sent to us, please email us at: [email protected]