sharing the costs of sports activities
Global Resilience Risk Specialist, Cloud Senior Manager
HSBC Service Delivery (Polska) Sp. z o.o.
- Kapelanka 42a, Kraków, Lesser Poland
- Valid for 15 days, until: 30 Apr 2021
- Remote recruitment
- contract of employment
- senior specialist (Senior)
Provide Technical SME oversight of the continuous monitoring for HSBC Cloud platforms Risk and Controls. For example: challenge and validate HSBC built and managed shared platform’s controls design, operation, effectiveness rationale, oversight of mandatory procedure and adherence to operating instructions, KCI definitions and execution, continuous monitoring plan and issue/action updates; assess overall security operational readiness per platform.
Provide Technical SME support for critical business cloud adoption including workloads (direct use of cloud on HSBC managed cloud platform; indirect use on cloud SaaS workloads) by providing technical opinion on the workloads controls designs (sampling IAM roles permissions, configurations design/settings), and cloud risk assessment (threat modelling, pen testing) depth and quality prior to going live.
Provide Technical security opinion to risk and control owners, to ensure effective policy compliance, help identify improvements, share best practices and respond to issues and cloud incidents. For example, providing SME guidance on security baseline for native cloud products prior to adoption by IT Developers, monitoring and assessing deviation from cloud native products security patterns.
Regularly and formally document and communicate information and cyber technology risk observations, and ensure risk management items are appropriately captured in Group's operational risk management systems (i.e. HELIOS).
Offer SME support on the newly designed cloud journey approval process, technical opinion on the adequacy of exit planning, metrics for measuring risk aggregation in cloud and risk assessment methodology for cloud workload and platform.
Offer SME opinion on the suitability of native Cloud security tooling vs 3rd party vendor security tooling e.g. containers scanning, federated IAM for control improvements
Attend project steering committee, workshops, provide independent reporting, packs and evidence for internal and external audit
Coordination of activities across stakeholders
Provide a periodic 2LOD view of the cloud platform's top security concerns, maturity, and operational readiness for non-technical stakeholders.
Experience of Cyber security and information security risk best practice and risk management processes
Hands on experience in Cloud (GCP, AWS, Azure, AliCloud) security architecture, security engineering, or equivalent experience.
Ability to provide direction and guidance on a variety of technology and security controls for cloud such as vulnerability management, SOC integration, continuous monitoring, automated risk assessments, hardening, from design, operation, and monitoring lenses.
Provide SME opinion on architectural use cases and requirements, assess hardened configuration standards for cloud services.
Experience in SEC Dev-ops practice and tooling, application security threat modelling & data security.
Experience in CloudFormation and Terraform
Experience dealing with and responding to IT Audit
Expert understanding of Identity and Access Management (ADFS, OAuth), SDLC, and Infrastructure as Code principles and practices
Hands on experience in dealing with Cloud service providers products (functional and native security products) - GCP, AWS, Azure, AliCloud
Expertise in cloud compliance/auditing/monitoring tools
Experienced in full automation and configuration management
Information security and risk consultancy
Programming / engineering / Architecture experience in one of the 3 CSP (2 years +)
Automation scripting (using scripting languages such as Terraform, Ansible etc.) (2 years +)
GCP, AWS, Azure, AliCloud Certifications, in particular security certifications e.g. GCP Certified Security engineers, AWS security professional, Azure Security Engineering etc.
Security certification (Cloud Certified Security Professional (CCSP), CISSP, CEH, CISM)
Technical knowledge (CSP’s, IAM, OS, CI/CD and automation tools)
What we offer
Stable job in professional team.
Interesting path of career in an international organization.
Consistent scope of responsibilities.
Private health care, employees’ benefits.
Being part of a team dealing directly with risk modelling applied to trading book of one of the world’s largest banks.
private medical care
sharing the costs of foreign language classes
sharing the costs of professional training & courses
remote work opportunities
flexible working time
corporate sports team
doctor’s duty hours in the office
retirement pension plan
no dress code
video games at work
coffee / tea
parking space for employees
extra social benefits
employee referral program
opportunity to obtain permits and licenses
Welcome to HSBC!
HSBC Service Delivery (Polska) Sp. z o.o.
HSBC is one of the world’s largest banking and financial services organisations. Our global businesses serve more than 40 million customers worldwide through a network that covers 64 countries and territories.
HSBC Service Delivery (Polska) Sp. z o.o. is HSBC's global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year.
Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.
This is how we work
Operational Resilience Risk (ORR) is the 2nd LoD function, part of Global Risk and independent from day-to-day operations of the 1st LoD (Technology, Cyber Security, etc.), acting to ensure that operational resilience including cyber information security risk across the bank is appropriately managed.
The Cloud Security Risk Role drives risk management oversight of HSBC’s use of information technology provided either by HSBC Technology function or third parties, focused on cloud adoption and provision. This role will closely interact with control owners and Technology teams in 1LoD, providing oversight and challenge as to the bank’s secure use of cloud-related technologies against various internal and external information and cyber security threats, and whether plans to mitigate related risks are appropriately robust and sufficient. The focus is on cloud and information security risk oversight for related people, process and technology components.
This is a technical role and requires a combination of hands-on experience in Cloud Technology and Cyber security risk consultancy. Audience will include Technology and non-technical stakeholders.