Oferta pracy

(Cybersecurity Operations) Business Information Risk Officer (BIRO)

HSBC Service Delivery (Polska) Sp. z o.o.O firmie

Rekrutacja zdalna

Rekrutacja zdalna

To wyróżnienie ofert oznacza, że cały proces rekrutacyjny jest prowadzony zdalnie. Dowiedz się więcej
Rekrutacja zdalna

HSBC Service Delivery (Polska) Sp. z o.o.

Kapelanka 42A


(Cybersecurity Operations)
Business Information Risk Officer (BIRO)

Business Information Risk Officers (BIRO) are responsible for ensuring Risk and Control owners and all staff are aware of the relevant information Security Risk policies and provide advice and guidance on how to ensure compliance. They perform risk based monitoring of Information and Cyber Security Risk controls / policies and standards to validate control effectiveness and monitor timely resolutions of information security issues including the capability to detect, respond and recover from incidents.


The BIRO has a reporting line (functional, direct or information flow) to either a Chief Control Officer, or Chief Administration Officer within a line of business/function. The Business is accountable for Information and Cyber Security risk management within their line of business/function and is supported by the CCO and the BIRO structure. The BIRO oversees / manages a network of Deputy BIROs, who assist with the objectives outlined above. The DBIRO has a reporting responsibility to the BIRO. DBIRO resourcing should be based on a consideration of the specific risks, structures, size and complexity of the business environment.

Key Accountabilities:

Undertake Information Security consultation – When required by the business, the BIRO can operate in a consultancy capacity for information security risks. This is vital for ensuring that information security controls are appropriate to the line of business and in line with the business’s risk appetite. The BIRO may provide guidance to the business regarding involvement of other key stakeholders (e.g. Information Security Risk and IT Security).

Support the business with the implementation of information security controls – This also may involve supporting the implementation of ISR projects/programs as outlined in the BIRO Standard Operating Procedures including:

  • Information Security & Cyber Risk Education and Awareness
  • End User Information Security
  • Third Party Controls
  • Physical Information Security
  • Data Leakage Prevention (DLP)
  • Risk & Control Assessments
  • Information Risk Identification and Management
  • Access Management

In addition to these key responsibilities, the BIRO will be expected to:

  • Support the business with identification of and management of their information security risks that are specific to their line of business/function
  • Continuously and proactively monitor established information security risk controls for the supported business against new and existing information security risks in conjunction with direction from the CCOs and in consultation with Information Security Risk
  • Provide regular reporting to senior management on risk and project progress, as required
  • Engage business/department management to ensure ownership and remediation of internal/external audit and regulatory requirements pertaining to information security, as required
  • Participate in all relevant conferences and meetings with the Regional / Global Business / Function / Information Security Risk teams and IT Security structure
  • Participate in the implementation of relevant projects/initiatives emanating from Global ISR; Assess whether business projects adhere to Information and Cyber Security practices and raise awareness of the need to remediate any identified issues.
  • Create and maintain a documented/detailed BIRO/DBIRO organisation structure for which they have responsibility, if appropriate
  • Have regular briefings and updates with BIROs, DBIROs and within the LOBs, as required
  • Ensure BIRO responsibilities are incorporated into personal Job Descriptions and objectives
  • Share best practices within area/region/globally (as applicable)
  • Undertake activities as defined by Global/Regional BIRO, which may form a GB/GF’s annual BIRO plan

Essential Experience/Knowledge:

  • Familiarity with the Information Security Risk sections of the Global Risk Policy, Security Risk
  • Excellent communication and interpersonal skills
  • Proven project and risk management capabilities with a focus on resolving complex problems
  • Effective team and matrix management skills in multi-cultural environments
  • Working knowledge of applicable security/risk concepts and methodologies
  • Organized and autonomous

We offer:

  • Contact with top IT technologies available in the market.
  • Employees’ benefits: Multisport Card, private medical and dental health care, life insurance,
  • Free parking space for our employees – few minutes from the office,
  • Internal training events and workshops,
  • Realistic career progression opportunities in an international organization,
  • Casual dress code,
  • Cultural exchange.


You'll achieve more when you join HSBC.

To apply for this position please send your curriculum vitae in English, using "Apply now" button below.

Applications sent to us will be taken into consideration only if they include the following statement:
I hereby declare that I have familiarized myself with the Privacy Statement for Applicants published at http://www.about.hsbc.pl/careers and I hereby give consent for personal data included in my application to be processed for the purposes of recruitment in HSBC Service Delivery (Polska) Sp. z o. o. according to rules described in the Privacy Statement for Applicants, as per the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).”
In case you would like to resign from participation in recruitment process or withdraw previously sent to us application, please email us at: [email protected]

Ogłoszenie archiwalne

Pracodawca zakończył zbieranie zgłoszeń na tę ofertę

Aktualne oferty pracodawcy