HSBC Service Delivery (Polska) Sp. z o.o. is a part of HSBC Holdings plc, the parent company of the HSBC Group, headquartered in London. The Group serves customers worldwide from over 6,300 offices in over 75 countries and territories in Europe, Asia, North and Latin America, and the Middle East and North Africa. HSBC is one of the world’s largest banking and financial services organisations. Currently, we are looking for a candidate for the position of:
(Cybersecurity) Cyber Tech Delivery Analyst
Ref No: HTK/Cybersecurity/CTDA/06/2018
White Collar Global IT Organisation is one of the largest technology functions. Ensuring IT has the appropriate processes embedded and operating efficiently is critical to its effectiveness and ability to maintain its position as a market leader. The Cyber Security Technology function supports a number of technologies and services across a globally dispersed team. This includes cryptography and encryption technology, Data Loss Prevention, Security Infrastructure and vulnerability management. These collective teams assure critical functions and billions of pounds worth of transactions across the organization.
- Supporting the establishment of the business as a valued contributor to information sharing efforts across the industry that helps to drive a positive image of the bank with our peers and regulators in the markets we serve.
- Supporting a “self-critical” culture whereby identification of weaknesses in the bank’s control plane (people, process and technology) are brought to light in an effective manner and addressed.
- Supporting a culture of individual self-improvement, whereby staff are expected to maintain subject matter expertise within their area of focus and within the realm of cybersecurity more broadly.
- Supporting engagement of Global Businesses and Functions everywhere the company does business, that drives a global up-lift in cybersecurity awareness, helping to “tell the story” of the company Cybersecurity efforts.
- Supporting engagement within the Lines of Defence Risk Management framework adopted by the business, to ensure complete transparency and effective working relationships across all lines of defence.
- Train, develop and mentor less experienced analysts.
- Management of all reporting artefacts for the Cyber Tech function, including driving the necessary change to ensure Cybersecurity systems are producing the necessary MI, reporting is automated wherever feasible and reporting capability is continuously improved.
- Engagement with Client Engagement Managers to gather reporting requirements and gauge effectiveness of reporting.
- Change gateway management - Ensure operational readiness of the CT function prior to acceptance of changes that impact the CT function.
- Manage and maintain the collaboration sites across CT.
- Technical security standards management – Ensure all technical security standards owned by the CT function are maintained.
- Process and procedure management - Ensure all CT processes and procedures are maintained.
- Risk and audit issue management – Ensure regulatory, risk and audit issue mitigation actions, owned by the CT function are actioned within agreed timescales and periodic reporting of such is maintained.
- Internal control assurance – Manage the reviewing, gathering of evidence and reporting on effectiveness of CT internal controls.
- Support the business management function with specific knowledge about the CT team to ensure required information is available regarding spend, supplier and resource management.
- Supplier management – Manage the co-ordination of supplier management meetings with CT supplier owners. Manage the maintenance, tracking and reporting on supplier performance, issues, risks and remediation of such.
- Strategy and Planning – Support the Head of Cyber Tech Delivery and the Global Heads of CT services, in strategy creation, maintenance and planning to achieve the strategy.
- Branding and Communications – increasing exposure across the function including presentations for the Heads of Functions
- Excellent investigative skills, insatiable curiosity and an innate drive to win.
- Resourceful problem solver.
- Business Analysis skills.
- Self-motivated and possessing of a high sense of urgency and personal integrity.
- Highest ethical standards and values.
- Good understanding of the company cyber security principles, global financial services business models, regional compliance regulations and laws.
- Good understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including; OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
- Excellent communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
- Ability to speak, read and write in English, in addition to your local language.
- Resilient and tenacious with a propensity to persevere
- Results focused with an ability to work autonomously
- Stakeholder management skills with the ability to interact at all levels
- Excellent verbal and presentation skills
- Experience of being a part and contributor to small teams, across different global regions and a desire to build on this experience is essential.
- VBA Skills
- Sharepoint 2013 - 2016
- Excellent knowledge and demonstrated experience in analysis and project management
- Ability to develop and track key performance indicators (KPIs) and metrics for evaluation of operational effectiveness as well as providing recommendations for control improvement and mitigating control adjustments.
- Demonstrated experience in a cybersecurity or similar.
- Extensive experience within an enterprise scale organisation, preferably in the finance or similarly regulated sector.
- Industry recognised cyber security related certifications including; CEH, EnCE, CRISC, SANS GSEC, GCIH, GCIA, GIAC, GCFA, GNFA and/or CISSP would be beneficial
- Formal education and advanced degree in Information Security, Cybersecurity, Computer Science or similar and/or commensurate demonstrated work experience in the same.
- Stable job in professional team,
- Interesting path of career in an international organization,
- Consistent scope of responsibilities,
- Private health care, employees’ benefits.