The employer has stopped accepting applications for this offer

(Cybersecurity) Business Enablement Risk Lead

HSBC Service Delivery (Polska) Sp. z o.o.

  • Kapelanka 42a, Dębniki, Kraków
    Kraków, Lesser Poland
  • offer expired 3 months ago
  • contract of employment
  • full-time
  • manager / supervisor
  • hybrid work
  • remote recruitment
  • we invite workers from Ukraine
  • Jobs for foreigners
    no Polish required
The employer is open to employing citizens of Ukraine



Technologies we use


  • CSF

  • Agile

  • Prince2

  • Clarity

  • JIRA

About the project

HSBC operates from over 3,900 offices in 67 countries, supporting 38 million customers in an increasingly digital offering that requires always on and secure operations of the technology estate.

The Cybersecurity team at HSBC is responsible for enabling businesses and functions to manage their Information and Cybersecurity risks as well as ensuring risks and controls are assessed and implemented appropriately, objectively and independently through specialized subject matter experts.

The CST Business Engagement risk lead is a role within the Cybersecurity Strategy & Transformation (CST) function of the Cybersecurity team. The role holder will interface and work closely with the relevant stakeholders within the Cybersecurity Business Enablement (CBE) function and will contribute to delivering the CST Business Enablement framework and operating model going forward.

Your responsibilities

  • The CST Business Engagement risk lead will drive and deliver the following services in conjunction with the CST team and individual Global Business/Global Function/Regional (GB/GF/Regional) CBE teams:

  • Work with control and service owners to agree strategy, roadmap and architecture business cases to meet GB/GF/Reg needs

  • Work with the strategy and architecture team, risk and control owners, GRC and CBE team (BISOs, RISOs, Cyber delivery and consulting leads) to identify global gaps or opportunities for improvement, highlighted in audits and emerging from evolving regulatory requirements.

  • Assist Cybersecurity capability leads/ Product Owners/ project teams to prioritise demand based on GB/GF/Reg risk return on investments, change feasibility and the mandatory nature of change (regulations).

  • Liaise with CBE delivery and consulting leads in respective GB/GF/Reg to identify requirements and strategy for central change initiatives.

  • Gather CISO, strategy, architecture and GB/GF requirements from regions and business via the CBE teams within respective GB/GF/Reg (for example, by participating in their Business Cyber Defense forums, Business-Cyber delivery forums, RCMM’s etc.). Via the CBE team, understand local business strategy and direction, with focus on information security as input in development of the transformation and strategic plans. Liaise with Strategy and Service Management team within CST to assist with overall business case development and investment planning.

  • Support change programme management in relation to GB/GF/Reg:

  • Support coordination and facilitate discussion between Cybersecurity capability leads/ Product Owners/ project teams; technology and the CBE team (BISOs, RISOs, Cyber delivery and consulting leads) to define qualitative and quantitative benefits of the change.

  • Assist Cybersecurity capability leads/ Product Owners/ project teams to understand the path of adoption for the work they are doing.

  • Work with Cybersecurity capability leads/ Product Owners/ project teams to ensure strategies, roadmaps and architecture meet requirements from CBE teams

  • Support and facilitate the Business Case (Investment Feasibility) development process and support in relevant approval/ sign off. Work with CBE team (RISO & BISO, cyber delivery and consulting leads) to manage stakeholders within GB/GF/Reg.

  • Coordinate change delivery/ deployment across recipients of change (i.e. regional control owners):

  • Work with Cybersecurity capability leads/ Product Owners/ project teams and Service Owners to assist with the development of the Operational Readiness plan (i.e. BAU embedment) for the GB/GF/Reg within the change releases.

  • Ensure clear traceability of delivery to outcomes, risks and control improvements. Engage with CBE teams (RISO’s, BISO’s, Delivery and Consulting leads), CRCS Pods owners along with the Cybersecurity capability leads/ Product Owners/Value Stream Lead/ Project teams; to deliver clear business benefits around project scope, progress, control uplift maturity, regulatory outcomes and overall benefits in business friendly language.

  • Ensure escalation for CBE and project teams and support with unblocking change delivery/ adoption issues for their respective assigned areas of CBE business and regions. Also provide specialist advice/ business context to the as it pertains to the GB/GF/ Reg.

  • Support the proactive management of risks for delivery, operational and implementation rollout for business/regions within the Cybersecurity Sub-Value Stream (SVS) and Platforms, through coordination and collaboration with capability leads/ Product Owners/ project teams and Portfolio Mgmt. team and CBE teams (RISO’s, BISO’s, Delivery and Consulting leads)

  • Assist the delivery teams and Cybersecurity capability leads/ Product Owners/ project teams in ensuring that the production of work is accounted and planned for as part of portfolio delivery.

Our requirements

  • Good Risk and Controls understanding

  • Knowledge and exposure of Cybersecurity Risk and Control Management

  • Experience of translating difficult IT concepts into business language;

  • Experience with Technology risks and controls related to Cybersecurity

  • Strong programme and project management/ business analysis background

  • Experience of project management principles or have a relevant Project Management qualification (e.g. PRINCE2, Agile);

  • Experience with Project Management Tools (such as Clarity, JIRA)

  • Technical background

  • Excellent cybersecurity knowledge; Understanding of Cybersecurity concepts such as threats, vulnerabilities, attack vectors, inherent/residual risk;

  • Understanding metrics and measures in managing risks and controls (KPIs, KCIs, KRIs);

  • Familiarity with the NIST Cyber Security Framework (CSF);

  • Understanding of regulatory landscape.

  • Strong stakeholder management and communications skills

  • Experience of working at an operational level in international environments;

  • Experience in managing stakeholders;

  • Experience in creating and reviewing executive reports (up to board level);

  • Experience of setting and assuring delivery quality criteria for cybersecurity delivery including strategies, roadmaps, architecture and plans

  • Experience in dealing with senior management, internal/ external audit, business and wide array of global stakeholders.

  • Team-oriented mentality combined with ability to complete tasks independently to a high quality standard

  • Experience within fast-moving, complex and demanding corporate environments that run large Cybersecurity change programmes/ portfolio of work needing engagement with complex stakeholder across the lifecycle i.e. requirement gathering, development, deployment/ embedding, benefit realisation and feedback.


  • Experience with GRC Tools (such as HELIOS, ServiceNow, Archer)


  • sharing the costs of sports activities

  • private medical care

  • sharing the costs of foreign language classes

  • sharing the costs of professional training & courses

  • life insurance

  • remote work opportunities

  • flexible working time

  • integration events

  • corporate sports team

  • doctor’s duty hours in the office

  • retirement pension plan

  • corporate library

  • no dress code

  • video games at work

  • coffee / tea

  • parking space for employees

  • leisure zone

  • extra social benefits

  • employee referral program

  • opportunity to obtain permits and licenses

  • charity initiatives

  • family picnics

  • extra leave

Recruitment stages

Online assessment


Phone interview


Zoom interview


Welcome to HSBC!

HSBC Service Delivery (Polska) Sp. z o.o.

HSBC is one of the world’s largest banking and financial services organisations. Our global businesses serve more than 40 million customers worldwide through a network that covers 63 countries and territories.

HSBC Service Delivery (Polska) Sp. z o.o. is HSBC's global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year.

Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.
