Global Defense Engineering is responsible for fielding solutions that help defend HSBC against a wide range of threats to the business, customers, clients, partners, and staff. The team works in concert with partner teams across HSBC to implement novel defensive capabilities that are effective and adaptable against a constantly evolving threat landscape. The function operates under the vision: “Enabling HSBC to be safely successful everywhere the firm chooses to do business.”
responsibilities :
Define secure configuration baselines for database management system software, including but not limited to Oracle, Db2, SAP ASE, SQL Server, Db2 z/OS, MongoDB, and PostgreSQL, Teradata, HADOOP.
Work with database technical subject matter experts to agree secure configuration baselines.
Work with database technical subject matter experts to define/develop/implement checks for compliance scans.
Work with database technical subject matter experts to provide remediation guidance for IT Service Owners.
Work with the Configuration Baseline Management team to ensure they receive configuration compliance data.
Interact with stakeholders across the organisation to understand their security needs and expectations.
Define and maintain capability strategy, supported by Enterprise Architecture, Security Architecture and, Control Owners, in response to business strategies, regulator expectations, technology and practice advancement, best practice, and threat actor evolution [will overlap with Architecture.
Ensure success with delivery partners (in alignment with support functions). Runs / drives respective Delivery forum, QBRs, SteerCos and Capability PODs.
Maintain and prioritise a capability backlog based on objectives and value released to identify what teams work on next. Supports the prioritisation of backlogs from supporting technology and operations/service teams.
Close working with Control Owners: Oversees Control Owner activity from a technical point-of-view, e.g. accurate assessment of control defect severities.
Close working with Service Owners: understands general performance of associated services, exceptions, customer feedback and service uplift roadmaps.
Close working with Technology/Platform Owners: understands general performance of associated IT services, significant bugs, technology health, customer feedback and technology uplift roadmaps (including technical debt resolution).
Run a Pod per L2 capability with Architecture, Engineering, Service Delivery, Control Owner, Programme Manager, and Product Management.
Own all medium-rated and below risk Control Issues, Audit points and Regulatory findings.
requirements-expected :
Minimum 5 years’ in-depth experience with multiple database technologies from the list of Oracle, Db2, SAP ASE, SQL Server, Db2 z/OS, MongoDB, and PostgreSQL, Teradata, HADOOP.
Demonstrated experience with database platform security.
Minimum 2 years’ experience leading a technical team.
Demonstrated understanding of and experience with Center for Internet Security (CIS) benchmarks.
Strong stakeholder management skills, with demonstrated experience of understanding and meeting the needs of multiple stakeholders.
Excellent communication skills, including the ability to translate complex technical concepts into business-friendly language.
Customer-centric consultancy approach.
Strong analytical and problem-solving skills.
Ability to manage budgets and allocate resources effectively.
Reliant and adaptive to changing situations, with strong desire to delegate and empower the team.
offered :
Competitive salary
Annual performance-based bonus
Additional bonuses for recognition awards
Multisport card
Private medical care
Life insurance
One-time reimbursement of home office set-up (up to 800 PLN)
Corporate parties & events
CSR initiatives
Nursery discounts
Financial support with trainings and education
Social fund
Flexible working hours
Free parking
benefits :
sharing the costs of sports activities
private medical care
sharing the costs of professional training & courses
