(Cybersecurity Operations) Business Information Risk Officer (BIRO)
HSBC Service Delivery (Polska) Sp. z o.o.
- Kapelanka 42A, 30-347 Kraków, Poland (Kraków, Małopolskie)
- Posting expired 3 days ago
- Employment contract
- Full-time
- Manager / Coordinator
Business Information Risk Officer (BIRO)
Business Information Risk Officers (BIRO) are responsible for ensuring that Risk and Control owners and all staff are aware of the relevant Information Security Risk policies, and for providing advice and guidance on how to ensure compliance. They perform risk-based monitoring of Information and Cyber Security Risk controls / policies and standards to validate control effectiveness, and monitor timely resolution of information security issues, including the capability to detect, respond to and recover from incidents.
The BIRO has a reporting line (functional, direct or information flow) to either a Chief Control Officer, or Chief Administration Officer within a line of business/function. The Business is accountable for Information and Cyber Security risk management within their line of business/function and is supported by the CCO and the BIRO structure. The BIRO oversees / manages a network of Deputy BIROs, who assist with the objectives outlined above. The DBIRO has a reporting responsibility to the BIRO. DBIRO resourcing should be based on a consideration of the specific risks, structures, size and complexity of the business environment.
Undertake Information Security consultation – When required by the business, the BIRO can operate in a consultancy capacity for information security risks. This is vital for ensuring that information security controls are appropriate to the line of business and in line with the business’s risk appetite. The BIRO may provide guidance to the business regarding involvement of other key stakeholders (e.g. Information Security Risk and IT Security).
Support the business with the implementation of information security controls – This also may involve supporting the implementation of ISR projects/programs as outlined in the BIRO Standard Operating Procedures including:
- Information Security & Cyber Risk Education and Awareness
- End User Information Security
- Third Party Controls
- Physical Information Security
- Data Leakage Prevention (DLP)
- Risk & Control Assessments
- Information Risk Identification and Management
- Access Management
In addition to these key responsibilities, the BIRO will be expected to:
- Support the business with the identification and management of information security risks that are specific to their line of business/function
- Continuously and proactively monitor established information security risk controls for the supported business against new and existing information security risks in conjunction with direction from the CCOs and in consultation with Information Security Risk
- Provide regular reporting to senior management on risk and project progress, as required
- Engage business/department management to ensure ownership and remediation of internal/external audit and regulatory requirements pertaining to information security, as required
- Participate in all relevant conferences and meetings with the Regional / Global Business / Function / Information Security Risk teams and IT Security structure
- Participate in the implementation of relevant projects/initiatives emanating from Global ISR; assess whether business projects adhere to Information and Cyber Security practices and raise awareness of the need to remediate any identified issues
- Create and maintain a documented/detailed BIRO/DBIRO organisation structure for which they have responsibility, if appropriate
- Have regular briefings and updates with BIROs, DBIROs and within the LOBs, as required
- Ensure BIRO responsibilities are incorporated into personal Job Descriptions and objectives
- Share best practices within area/region/globally (as applicable)
- Undertake activities as defined by Global/Regional BIRO, which may form a GB/GF’s annual BIRO plan
- Familiarity with the Information Security Risk sections of the Global Risk Policy, Security Risk
- Excellent communication and interpersonal skills
- Proven project and risk management capabilities with a focus on resolving complex problems
- Effective team and matrix management skills in multi-cultural environments
- Working knowledge of applicable security/risk concepts and methodologies
- Organized and autonomous
- Contact with top IT technologies available in the market.
- Employees’ benefits: Multisport Card, private medical and dental health care, life insurance,
- Free parking space for our employees, a few minutes from the office,
- Internal training events and workshops,
- Realistic career progression opportunities in an international organization,
- Casual dress code,
- Cultural exchange.
To apply for this position, please send your curriculum vitae in English using the "Apply now" button below.