(Cybersecurity) Threat and Controls Assessment Senior Analyst

HSBC Service Delivery (Polska) Sp. z o.o.

  • Kapelanka 42a, Dębniki, Kraków
    Kraków, Lesser Poland
  • offer expired 2 months ago
  • contract of employment
  • full-time
  • senior specialist (Senior)
  • hybrid work
  • remote recruitment
  • запрошуємо працівників з України
ukrainian-friendly-overlay
Запрошуємо працівників з України
Роботодавець відкритий для працевлаштування громадян України

HSBC Service Delivery (Polska) Sp. z o.o.

Kapelanka 42a

Dębniki

Kraków

Technologies we use

Optional

  • AWS

  • GCP

  • Azure

About the project

Our Technology teams work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world; to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.

Our multi-disciplined Technology teams include amongst others: DevSecOps engineers, IT architects, front and back-end developers, infrastructure specialists, cybersecurity experts, and delivery, project and programme managers.

Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well-understood, and that controls used the manage such events are defined, assessed and implemented appropriately. Cybersecurity deliver this via objective, independent, professional and specialized subject matter experts. The role forms part of the 1LoD in relation to risk management framework.

The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development, Threat and Controls Assessment (threat modelling) and Third Party Security Assessment. The function drives the identification, capture, assessment, testing and ultimately the remediation of security defects, gaps and vulnerabilities across HSBC’s estate in concert with business and technology teams – on premise, within the Cloud and resulting from 3rd party engagements.

Your responsibilities

  • Perform effective threat and control assessments of services within our internal, external and cloud estate.

  • Liaise with Developers, Architects and other Technical Leads to understand the end to end service and identify where there are any control gaps.

  • Understand the Business requirements, evaluate potential products / solutions and provide technical recommendations.

  • Be "hands on" with technology and contribute to the design, development and the support of projects with security recommendations.

  • Identify threats across the IT estate; including applications, databases, network and other infrastructure components.

  • Engage with other Cybersecurity teams, senior management and members of the Business when confronted with potential security issues.

  • Contribute to process, procedures and tool identification/development.

  • Stay up to date with industry new trends and best practices.

Our requirements

  • Good Risk and Controls understanding

  • Knowledge and exposure of Risk and Control Management

  • Ability to understand and assess both threats, controls and vulnerabilities, articulating these to both technical and business stakeholders

  • Strong Technical background

  • Proven experience in general security concepts and principles

  • Hands on experience with threat modelling and strong technical understanding and experience of assessing vulnerabilities and identifying weaknesses in diverse enterprise IT assets

  • Strong understanding of applications design and architecture

  • Knowledge and experience with network, host and application security practices

  • Good working knowledge of one or more of the Cloud Service Providers – AWS, GCP or Azure

  • Strong understanding of Software Development Life Cycle (SDLC) with a focus on security

  • Experience in continuous improvement and process optimisation.

  • Understanding of emerging technologies and corresponding security threats

  • Strong stakeholder management and communications skills

  • Experience of working in international and diverse environments

  • Experience in engaging with business, technology, regional and regulatory stakeholders

  • Ability to communicate to key stakeholders – effectively translating technical gaps into business risk

  • Ability to complete tasks independently to a high quality standard

  • Self-motivated individual with strong analytical and problem solving skills

  • Experience within fast-moving, complex and demanding corporate environments and able to provide appropriate direction to the team whilst dealing with ambiguity and change

  • Mindset

  • An inquisitive approach, always asking how to achieve goals in a smarter and more effective way

  • Positive and professional attitude, team player, flexible and adaptable, embraces change

Optional

  • Desirable to have one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM or Cloud Security Certifications

What we offer

  • Stable job in professional team,

  • Ability to learn from senior analysts

  • Interesting path of career in an international organization,

  • Consistent scope of responsibilities,

  • Private health care, employees’ benefits.

Benefits

  • sharing the costs of sports activities

  • private medical care

  • sharing the costs of foreign language classes

  • sharing the costs of professional training & courses

  • life insurance

  • remote work opportunities

  • flexible working time

  • integration events

  • corporate sports team

  • doctor’s duty hours in the office

  • retirement pension plan

  • corporate library

  • no dress code

  • video games at work

  • coffee / tea

  • parking space for employees

  • leisure zone

  • extra social benefits

  • employee referral program

  • opportunity to obtain permits and licenses

  • charity initiatives

  • family picnics

  • extra leave

Recruitment stages
1

Phone interview

2

Online assessment

3

Zoom interview

4

Welcome to HSBC!

HSBC Service Delivery (Polska) Sp. z o.o.

HSBC is one of the world’s largest banking and financial services organisations. Our global businesses serve more than 40 million customers worldwide through a network that covers 63 countries and territories.

HSBC Service Delivery (Polska) Sp. z o.o. is HSBC's global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year.

Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.

Scroll to the company’s profile