Oferta pracy

Thank you for interest in HSBC. . Before you apply, please note that we will take into the consideration only applications that include the following statement: . “I hereby declare that I have familiarised myself with the Privacy Statement for Applicants published at http://www.about.hsbc.pl/careers and I give my consent to use my personal data included in my application for the purposes of recruitment in HSBC Service Delivery (Polska) Sp. z o. o. according to the rules described in the Privacy Statement for Applicants, as per the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).” . Due to the high number of applications, we reserve the right to contact selected candidates only. . In case you would like to resign from participation in the recruitment process or withdraw previously sent application, please email us at: [email protected]
Oferta z szybkim aplikowaniem 
co to?
Na oferty z aktywnym „Aplikuj szybko” zaaplikujesz jednym kliknięciem. Korzystają one z danych używanych przez Ciebie przy ostatnim aplikowaniu. Jeśli jeszcze tego nie robiłaś/eś, nie przejmuj się. Za pierwszym razem trafisz na pełny formularz aplikowania.
HSBC Service Delivery (Polska) Sp. z o.o.

Global Resilience Risk Specialist, Cloud Senior Manager

HSBC Service Delivery (Polska) Sp. z o.o.About the company

  • Kapelanka 42a, Kraków
    Kraków, Lesser Poland
  • Valid for 15 days
    until: 30 Apr 2021
  • Remote recruitment
  • contract of employment
  • full-time
  • senior specialist (Senior)

HSBC Service Delivery (Polska) Sp. z o.o.

Kapelanka 42a

Kraków

Your responsibilities

  • Provide Technical SME oversight of the continuous monitoring for HSBC Cloud platforms Risk and Controls. For example: challenge and validate HSBC built and managed shared platform’s controls design, operation, effectiveness rational, oversight of mandatory procedure and adherence to operating instructions, KCI definitions and execution, continuous monitoring plan and issue/action updates; assess overall security operational readiness per platform.

  • Provide Technical SME support for critical business cloud adoption including workloads (direct use of cloud on HSBC managed cloud platform; indirect use on cloud SaaS workloads) by providing technical opinion on the workloads controls designs (sampling IAM roles permissions, configurations design/settings), and cloud risk assessment (threat modelling, pen testing) depth and quality prior to going live.

  • Provide Technical security opinion to risk and control owners, to ensure effective policy compliance, help identify improvements, share best practices and response to issues and cloud incidents. For example, providing SME guidance on security baseline for native cloud products prior to adoption by IT Developers, monitoring and assessing deviation from cloud native products security patterns.

  • Regularly and formally document and communicate information and cyber technology risk observations, and ensure risk management items are appropriately captured in Group's operational risk management systems (i.e. HELIOS).

  • Offer SME support on the newly design cloud journey approval process, technical opinion on the adequacy of exit planning, metrics for measure risk aggregation in cloud and risk assessment methodology for cloud workload and platform.

  • Offer SME opinion on the suitability of native Cloud security tooling vs 3rd party vendor security tooling e.g. containers scanning, federated IAM for control improvements

  • Attend project steering committee, workshops, provide independent reporting, packs and evidence for internal and external audit

  • Coordination of activities across stakeholders

  • Provide perioding view on 2LOD view of the cloud platform top security concerns, maturity, and operational readiness for non-technical stakeholders.

Our requirements

  • Experience of Cyber security and information security risk best practice and risk management processes

  • Hands on experience in Cloud (GCP, AWS, Azure, AliCloud) security architecture, security engineering, or equivalent experience.

  • Ability to provide direction and guidance on a variety of technology and security controls for cloud such as vulnerability management, SOC integration, continuous monitoring, automated risk assessments, hardening, from design, operation, and monitoring lenses.

  • Provide SME opinion on architectural use cases and requirements, assess hardened configuration standards for cloud services.

  • Experience in SEC Dev-ops practice and tooling, application security threat modelling & data security.

  • Experience in Cloud Formation and Terraform

  • Experience dealing and responding to IT Audit

  • Expert understanding of Identity and Access Management (ADFS, OAuth), SDLC, and Infrastructure as Code principles and practices

  • Hands on experience in dealing with Cloud service providers products (functional and native security products) - GCP,AWS, Azure, AliCloud

  • Expertise in cloud compliance/auditing/monitoring tools

  • Experienced in full automation and configuration management

  • Information security and risk consultancy

  • Programming / engineering / Architecture experience in one of the 3 CSP ( 2 years +)

  • Automation scripting (using scripting languages such as Terraform, Ansible etc.) (2 years +)

Optional

  • GCP, AWS, Azure, AliCloud Certifications, in particular security certifications e.g. GCP Certified Security engineers, AWS security professional, Azure Security Engineering etc.,

  • Security certification (Cloud Certified Security Professional (CCSP), CISSP,CEH,CISM)

  • Technical knowledge (CSP’s, IAM, OS, CI/CD and automation tools)

What we offer

  • Stable job in professional team.

  • Interesting path of career in an international organization.

  • Consistent scope of responsibilities.

  • Private health care, employees’ benefits.

  • Being part of a team dealing directly with risk modelling applied to trading book of one of the world’s largest banks.

  • Benefits

  • sharing the costs of sports activities

  • private medical care

  • sharing the costs of foreign language classes

  • sharing the costs of professional training & courses

  • life insurance

  • remote work opportunities

  • flexible working time

  • integration events

  • corporate sports team

  • doctor’s duty hours in the office

  • retirement pension plan

  • corporate library

  • no dress code

  • video games at work

  • coffee / tea

  • parking space for employees

  • leisure zone

  • extra social benefits

  • employee referral program

  • opportunity to obtain permits and licenses

  • charity initiatives

  • family picnics

  • extra leave

Recruitment stages
1

Phone interview

2

Online assessment

3

Zoom interview

4

Welcome to HSBC!

HSBC Service Delivery (Polska) Sp. z o.o.

HSBC is one of the world’s largest banking and financial services organisations. Our global businesses serve more than 40 million customers worldwide through a network that covers 64 countries and territories.

HSBC Service Delivery (Polska) Sp. z o.o. is HSBC's global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year.

Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.

Scroll to the company’s profile
This is how we work
This is how we work

Job Description

Operational Resilience Risk (ORR) is the 2nd LoD function, part of Global Risk and independent from day-to-day operations of the 1st LoD (Technology, Cyber Security, etc.), acting to ensure that operational resilience including cyber information security risk across the bank is appropriately managed.

The Cloud Security Risk Role drives risk management oversight of HSBC’s use of information technology provided either by HSBC Technology function or third parties, focused on cloud adoption and provision. This role will closely interact with control owners and Technology teams in 1LoD, providing oversight and challenge as to the bank’s secure use of cloud-related technologies against various internal and external information and cyber security threats, and whether plans to mitigate related risks are appropriately robust and sufficient. The focus is on cloud and information security risk oversight for related people, process and technology components.

This a technical role and requires and a combination of hands on experience in Cloud Technology and Cyber security risk consultancy. Audience will include Technology and non-technical stakeholders.