Mid-Level Cybersecurity Controls Analyst – Security Controls Design and Oversight

Empower cybersecurity—shape resilient defenses in a rapidly evolving threat landscape.

Krakow-based opportunity with hybrid work model (4 days remote per week).

As a Mid-Level Cybersecurity Controls Analyst, you will be working for our client, a leading financial institution committed to safeguarding digital assets and strengthening cybersecurity frameworks. You will contribute to designing and overseeing cybersecurity controls, ensuring compliance with industry standards and regulatory requirements in a dynamic, global environment.

Your main responsibilities:

• Define and maintain operational control instances, policies, standards, and procedures for Group Cybersecurity
• Collaborate with Control Owners, 2LoD, and CCO Technology to ensure controls are aligned with HSBC requirements and industry best practices (NIST 800-53)
• Support Control Owners in defining measures in accordance with HSBC's KCI Design Framework and industry standards (CIS)
• Work with CTE and CMT teams to verify controls' compliance with legal and regulatory frameworks
• Assist NSEC Control Owner in designing, managing, and maintaining cybersecurity control Policies, Standards, and Procedures
• Ensure control measurements produce data sufficient for stakeholder reporting

You're ideal for this role if you have:

• At least 3 years of experience in risk and controls management within cybersecurity environments
• Technical knowledge of cybersecurity fundamentals, with specializations welcome
• Understanding of the Network Security domain (preferred)
• Experience with metrics and measures such as KCIs, KRIs, and KPIs for risk and control management
• Strong technical writing skills and proficient English communication
• Excellent stakeholder engagement and collaboration skills
• Experience working in international, fast-paced corporate environments
• Problem-solving capabilities and the ability to address governance challenges effectively

It is a strong plus if you have: (optional)

• Recognized cybersecurity certifications
• Prior experience in large-scale cybersecurity control environments
• Knowledge of banking industry cybersecurity standards

Language Required for the role:
Fluent English (good command)

Eligibility for the role:
Only candidates with an existing legal right to work in the European Union will be considered for this role.

#MAKEYourCareerBETTER
Interested? Apply now and include your CV (preferably in English) along with a statement confirming your consent to the processing and storage of your personal data.