Cloud Security Controls Lead
Kraków, Lesser Poland Voivodeship, Poland
HSBC Service Delivery (Polska) Sp. z o.o.
8. 6. 2024
About the position

Workplace: Kraków

Technologies we use

Expected

  • AWS
  • Microsoft Azure
  • GCP

About the project

Whilst the job holder will be based in Krakow, Poland, this is a Global role covering Cybersecurity Controls applicable to public Cloud (including Alibaba, AWS, Azure, GCP) across all countries and legal entities.

The ‘Cloud Security Control Lead’ reports directly to the ‘Cloud Security Engineering and Delivery Lead’. Key to this role are HSBC’s Vision ’27 goals - Speed, Scale, Resilience and People.

Your responsibilities

  • Collaborate with Control Owners, 2LoD, Global Cloud Services (GCS) Platform teams and other key stakeholders, to ensure that Cybersecurity owned controls in the Risk and Controls Library are designed according to the Bank’s requirements and industry standards and best practices (e.g., NIST 800-53) and ensure that, where appropriate, the Controls make specific, explicit provision in their applicability for public Cloud use cases.
  • Collaborate with Control Owners and other stakeholders to ensure that Cybersecurity control measurements are defined in accordance with HSBC’s KCI Design Framework and industry best practices (CIS). Existing KCIs must be suitably adapted, and new KCIs created as required, to ensure effective coverage of public Cloud use cases.
  • Work with CRCS teams to ensure that the defined controls are compliant with Legal/Regulatory Mandatory requirements and that measurements provide sufficient data for stakeholder reports.
  • With specific reference to public Cloud use-cases, work with 2LoD, CCO Technology, Audit (internal and external), GCS platform teams and other key stakeholders to ensure that the Cybersecurity owned controls are monitored, assessed, and tested according to the Bank’s requirements, Risk Management Framework (RMF) and other external regulatory bodies.
  • Review and challenge the existing Risk and Control Library, Policies, Procedures and Standards for Cybersecurity controls with specific reference to applicability for public Cloud use cases.
  • Proactively identify gaps in the existing frameworks and propose remediation solutions in line with the industry standards and best practices.
  • Provide regular, timely, suitable data, reporting and content describing the status, coverage and effectiveness of Cybersecurity Controls, with specific reference to public Cloud for delivery to senior management forums (e.g., Risk and Controls Management Meeting).

Our requirements

  • Risk and Controls Background: Strong understanding of Security Controls, in particular how these are applied in the context of public Cloud; Ability to translate difficult IT concepts into business-friendly language; Experience with Technology risks and controls.
  • Technical background: Broad knowledge of Cybersecurity – concepts, requirements, operations; Broad knowledge of Cloud (esp. public Cloud), principles, operations, concepts; Understanding of metrics and measures in managing risks and controls (KCIs, KRIs, KPIs).
  • Technical writing skills and highly proficient use of written English are required to produce quality output that articulates Control, Policy, Procedure and Standards gaps and requirements, with particular reference to public Cloud.
  • Excellent written and verbal communication skills with an ability to: Communicate with impact, ensuring complex information and data is articulated in a meaningful way to wide and varied audiences and stakeholders including senior management; Produce clear and concise reports and control documentation for targeted audiences across internal and external stakeholders; Influence, challenge and manage senior stakeholders.
  • Flexible approach to shifting or competing priorities.
  • Strong technical problem-solving and trouble-shooting skills.
  • Strong technical awareness of Cloud and Cyber Security tools and concepts (ideally with one or more Cloud certifications); one or more industry-recognised cybersecurity-related certifications, including CISSP, CRISC, CISM or Cloud Security certifications, would be nice to have.

What we offer

  • Competitive salary
  • Annual performance-based bonus
  • Additional bonuses for recognition awards
  • Multisport card
  • Private medical care
  • Life insurance
  • One-time reimbursement of home office set-up (up to 800 PLN)
  • Corporate parties & events
  • CSR initiatives
  • Nursery discounts
  • Financial support with trainings and education
  • Social fund
  • Flexible working hours
  • Free parking (Cracow office)

Benefits

  • sharing the costs of sports activities
  • private medical care
  • sharing the costs of professional training & courses
  • life insurance
  • remote work opportunities
  • flexible working time
  • integration events
  • corporate sports team
  • doctor’s duty hours in the office
  • retirement pension plan
  • corporate library
  • no dress code
  • coffee / tea
  • parking space for employees
  • leisure zone
  • extra social benefits
  • employee referral program
  • opportunity to obtain permits and licenses
  • charity initiatives
  • family picnics
  • extra leave
  • In-office gym

Recruitment stages

  • Online assessment
  • Phone interview
  • Job interview
  • Welcome to HSBC!

HSBC Service Delivery (Polska) Sp. z o.o.

HSBC is one of the world’s largest banking and financial services organisations. Our global businesses serve more than 40 million customers worldwide through a network that covers 63 countries and territories.

HSBC Service Delivery (Polska) Sp. z o.o. is HSBC’s global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year.

Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.

Thank you for your interest in HSBC.

Before you apply, please note that we will take into consideration only applications that include the following statement:

“I hereby declare that I have familiarised myself with the Privacy Statement for Applicants published at http://www.about.hsbc.pl/careers and I give my consent to use my personal data included in my application for the purposes of recruitment in HSBC Service Delivery (Polska) Sp. z o.o. according to the rules described in the Privacy Statement for Applicants, as per the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).”

Due to the high number of applications, we reserve the right to contact selected candidates only.

If you would like to resign from participation in the recruitment process or withdraw a previously sent application, please email us at: krakow.recruitment@hsbc.com.
