Job offer
Thank you for your interest in HSBC. Before you apply, please note that we will take into consideration only applications that include the following statement: “I hereby declare that I have familiarised myself with the Privacy Statement for Applicants published at http://www.about.hsbc.pl/careers and I give my consent to use my personal data included in my application for the purposes of recruitment in HSBC Service Delivery (Polska) Sp. z o. o. according to the rules described in the Privacy Statement for Applicants, as per the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).” Due to the high number of applications, we reserve the right to contact selected candidates only. In case you would like to resign from participation in the recruitment process or withdraw a previously sent application, please email us at: [email protected]

(CCO) IT and Third Party Controls Testing – Senior Manager

HSBC Service Delivery (Polska) Sp. z o.o.

  • Kapelanka 42a, Kraków
    Kraków, Lesser Poland
  • Valid for 13 days
    until: 18 Aug 2021
  • Remote recruitment
  • contract of employment
  • full-time
  • manager / supervisor

Your responsibilities

  • This role provides strategic support to the Global Businesses and Functions in the oversight of key third party relationships in order to strengthen risk management

  • This support includes the identification and ongoing review of key controls operated by these third parties, as captured in their service auditor control reports

  • As part of the role you will be required to work effectively with key stakeholders: Third Party Engagement Managers (TPEM), Third Party Risk Officers (TPRO), SOX Process Owners and Control Owners

  • Prior knowledge of service auditor reporting standards (SSAE18/ ISAE3402) and experience in reviewing these reports to assess financial reporting impact is essential

  • In addition, this role will provide support to the wider IT control testing team by leading control testing reviews.

  • Knowledge of IT General Computer controls and third party controls is required, including an understanding of operational risks impacted by third parties.

  • Responsible for timely review of service auditor control reports in line with the annual SOX plan, being transparent and accurate in the completion of deliverables and reporting progress to Senior Management

  • Providing expertise and guidance on IT General Computer (ITGC) controls, third party management controls and other controls relied on by HSBC contained in service auditor reports and applying critical judgment and decision making in relation to the identification and publication of control deficiencies identified

  • Working closely with TPEM, TPRO, SOX Process Owners and Control Owners to effectively and efficiently complete reviews, escalating any delays and challenges at the point they arise

  • Supporting the completion of service auditor control reviews covering the scope of third parties impacting financial reporting and working collaboratively with other team members

  • Responsible for leading control testing reviews across technology domains

  • Responsible for driving control consistency across the service auditor control reports through identifying and addressing control related themes and trends

  • Establishing effective working relationship with the Assurance Function Leadership team, TPEM, TPRO, SOX Process Owners, Control Owners and TPM teams

  • Building ‘trusted advisor’ relationships with internal stakeholders through establishing a network with Business and Technology and partnering with 2nd and 3rd Lines of Defence (LOD)

  • Being an escalation point for internal stakeholders, ensuring swift resolution of issues

  • Being resilient in the face of, sometimes acute, pressure to redact control deficiencies and recommendations by focusing on the facts of service auditor assessments

  • Balancing priorities between completing reviews and supporting the remediation activities needed and identifying process improvements to increase effectiveness and improve efficiency

  • Supporting the delivery of the service auditor control reviews whilst adhering to HSBC’s vision, values and goals

  • Timely delivery of reviews through completion against milestones of the annual SOX and wider testing plan

  • Inspires and engages with people to be inclusive and works closely with other team members to develop and motivate the wider team

  • Leading reviews and taking action to address any activities and behaviours that are not consistent with HSBC's diversity policy and/or the best interests of the business and its customers

  • Leading control testing reviews across IT domains ensuring that testing is performed to relevant quality and standards

  • Suggesting and implementing enhancements to service auditor control review process and resource capabilities to deliver the annual SOX plan

  • Embedding quality into service auditor control review deliverables and ensuring compliance with the SOX FIM

  • Providing management with visibility of delivery issues, especially on the timely completion of critical reviews

Our requirements

  • Demonstrable knowledge in Technology operational risk management, internal control, or internal audit preferably within Financial Services

  • Experience of service auditor reporting standards (SSAE18/ ISAE3402) and reviewing these reports of third party vendors

  • Knowledge of IT General Computer controls and third party management controls is essential to this role

  • Experience with control testing, especially in the IT area

  • Understanding of operational risks impacted by third party vendors

  • Proven project management experience

  • Strong communication and interpersonal skills with a wide range of individuals and groups at different levels of seniority

  • Self-starter and effective collaborator

  • Innovative and able to assess needs and propose solutions

  • Excellent time management skills

  • Ability to influence without direct management authority

  • Good understanding and/or experience in the following: Risk Management


  • Risk qualification CRISC, ACA, ACCA, CISM, CISA, CISSP or equivalent

Benefits

  • sharing the costs of sports activities

  • private medical care

  • sharing the costs of foreign language classes

  • sharing the costs of professional training & courses

  • life insurance

  • remote work opportunities

  • flexible working time

  • integration events

  • corporate sports team

  • doctor’s duty hours in the office

  • retirement pension plan

  • corporate library

  • no dress code

  • video games at work

  • coffee / tea

  • parking space for employees

  • leisure zone

  • extra social benefits

  • employee referral program

  • opportunity to obtain permits and licenses

  • charity initiatives

  • family picnics

  • extra leave

Recruitment stages

Phone interview


Online assessment


Zoom interview


Welcome to HSBC!

HSBC Service Delivery (Polska) Sp. z o.o.

HSBC is one of the world’s largest banking and financial services organisations. Our global businesses serve more than 40 million customers worldwide through a network that covers 64 countries and territories.

HSBC Service Delivery (Polska) Sp. z o.o. is HSBC's global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year.

Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.


Role Context

Strong risk management and internal control are core elements of the Group’s strategy and all staff are responsible for managing and mitigating operational risks in their core. The Group has adopted a risk management and internal control structure, referred to as the Three Lines of Defense, to ensure it achieves its commercial aims while meeting regulatory and legal requirements and its responsibilities to shareholders, customers and staff.

This GCL explains these responsibilities as they apply to service auditor control reviews:

• Support the delivery of the annual plan, highlighting gaps and control deficiencies in SOX third parties that could have an impact on financial reporting

• Raising awareness and understanding of OSP risks and controls

• Delivering reviews and creating risk assessments in conjunction with technology and businesses where deficient third party controls are identified

• Working closely with TPEMs to understand changes in third party control environments, including remediation of control deficiencies identified

• Supporting the SOX Internal Control Certificate (ICC) bi-annual process required by all Businesses and Functions where there are dependencies on OSPs