Mid-Level Cybersecurity Controls Design Analyst – Risk & Controls

Unleash cybersecurity excellence — champion the future by designing resilient controls that guard digital assets!

Krakow-based opportunity with hybrid work model (up to 3 remote days per week).

As a Mid-Level Cybersecurity Controls Design Analyst, you will be working for our client, a leading international bank with a focus on innovative financial services and digital security. This role is pivotal in shaping and maintaining the cybersecurity control environment, ensuring safeguarding of the bank’s operations, data, and reputation through effective risk management and industry best practices. Join us to help build a safer digital banking landscape and advance your career in a dynamic, global environment.

Your main responsibilities:

• Define, design, and oversee operational cybersecurity controls in accordance with industry standards such as NIST 800-53, ensuring alignment with bank requirements.
• Collaborate with Control Owners, 2LoD, and CCO Technology to maintain control measurements, policies, standards, and procedures.
• Support control assessments and ensure controls meet legal, regulatory, and compliance obligations.
• Assist in defining control metrics (KCIs, KRIs, KPIs) to enable effective risk monitoring and reporting.
• Engage with stakeholders across Engineering, Operations, and Security Assessment teams to deliver consistent and compliant control frameworks.
• Contribute to continuous improvement initiatives in cybersecurity governance and control processes.
• Maintain clear and professional documentation, including Policies, Procedures, and Standards, tailored for technical and non-technical audiences.

You're ideal for this role if you have:

• Minimum of 4 years of experience in risk management, controls design, or cybersecurity governance.
• Strong subject matter expertise in control management, including implementation, assessment, and reporting.
• Technical knowledge of cybersecurity principles, with a focus on network security domains being a plus.
• Familiarity with metrics such as KCIs, KRIs, KPIs and their application in risk oversight.
• Proven ability to translate technical concepts into clear, business-friendly language.
• Excellent English communication skills, both written and verbal.
• Recognized certifications related to cybersecurity or control frameworks are advantageous.
• Strong stakeholder engagement skills, capable of working with diverse teams within complex international environments.
• Self-motivated, team-oriented, with high-quality standards and the ability to work independently under tight deadlines.

It is a strong plus if you have:

• Certifications such as CISSP, CISM, or similar.
• Experience working within financial services or large regulated industries.

Language Required for the role:

• Fluent English (spoken and written).

Eligibility for the role:

• Only candidates with an existing legal right to work in the European Union will be considered for this role.

#MAKEYourCareerBETTER

Interested? Apply now and include your CV (preferably in English) along with a statement confirming your consent to the processing and storage of your personal data.