    Cloud Security Controls Lead
    HSBC Service Delivery


    Tech stack

      cyber security






    Job description

    Some careers shine brighter than others.

    If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

    Your career opportunity

    Whilst the job holder will be based in Krakow, Poland, this is a Global role covering Cybersecurity Controls applicable to public Cloud (including Alibaba, AWS, Azure, GCP) across all countries and legal entities.

    The ‘Cloud Security Control Lead’ reports directly to the ‘Cloud Security Engineering and Delivery Lead’. Key to this role are HSBC’s Vision ’27 goals - Speed, Scale, Resilience and People.

    What you’ll do

    • Collaborate with Control Owners, 2LoD, Global Cloud Services (GCS) Platform teams and other key stakeholders, to ensure that Cybersecurity owned controls in the Risk and Controls Library are designed according to the Bank’s requirements and industry standards and best practices (e.g., NIST 800-53) and ensure that, where appropriate, the Controls make specific, explicit provision in their applicability for public Cloud use cases.
    • Collaborate with Control Owners and other stakeholders to ensure that Cybersecurity control measurements are defined in accordance with HSBC’s KCI Design Framework and industry best practices (CIS). Existing KCIs must be suitably adapted, and new KCIs created as required, ensuring effective coverage of public Cloud use cases.
    • Work with CRCS teams to ensure that the defined controls are compliant with Legal/Regulatory Mandatory requirements and that measurements provide sufficient data for stakeholder reports.
    • With specific reference to public Cloud use-cases, work with 2LoD, CCO Technology, Audit (internal and external), GCS platform teams and other key stakeholders to ensure that the Cybersecurity owned controls are monitored, assessed, and tested according to the Bank’s requirements, Risk Management Framework (RMF) and other external regulatory bodies.
    • Review and challenge the existing Risk and Control Library, Policies, Procedures and Standards for Cybersecurity controls with specific reference to applicability for public Cloud use cases.
    • Proactively identify gaps in the existing frameworks and propose remediation solutions in line with the industry standards and best practices.
    • Provide regular, timely, suitable data, reporting and content describing the status, coverage and effectiveness of Cybersecurity Controls, with specific reference to public Cloud for delivery to senior management forums (e.g., Risk and Controls Management Meeting).

    What you need to have to succeed in this role

    • Risk and Controls Background:
      • Strong understanding of Security Controls, in particular how these are applied in the context of public Cloud.
      • Ability to translate difficult IT concepts into business-friendly language.
      • Experience with Technology risks and controls.
    • Technical background:
      • Broad knowledge of Cybersecurity – concepts, requirements, operations.
      • Broad knowledge of Cloud (esp. public Cloud), principles, operations, concepts.
      • Understanding of metrics and measures in managing risks and controls (KCIs, KRIs, KPIs).
    • Technical writing skills and highly proficient use of written English are required to ensure quality output that articulates Control, Policies, Procedure and Standards gaps and requirements with particular reference to public Cloud.
    • Excellent written and verbal communication skills with an ability to:
      • Communicate with impact, ensuring complex information and data is articulated in a meaningful way to wide and varied audiences and stakeholders including senior management.
      • Produce clear and concise reports and control documentation for targeted audiences across internal and external stakeholders.
      • Influence, challenge and manage senior stakeholders.
    • Flexible approach to shifting or competing priorities.
    • Strong technical problem-solving and trouble-shooting skills.
    • Strong technical awareness of Cloud, Cyber Security tools and concepts (ideally with Cloud certification(s)); one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM or Cloud Security Certifications would be nice to have.

    What we offer

    • Competitive salary
    • Annual performance-based bonus
    • Additional bonuses for recognition awards
    • Multisport card
    • Private medical care
    • Life insurance
    • One-time reimbursement of home office set-up (up to 800 PLN).
    • Corporate parties & events
    • CSR initiatives
    • Nursery and kindergarten discounts
    • Language classes
    • Financial support with training and education
    • Social fund
    • Flexible working hours 
    • Free parking

    If your CV meets our criteria, you should expect the following steps in the recruitment process:

    • Online behavioural test
    • Telephone screen
    • Zoom interview with the hiring manager

    We are looking to hire as soon as possible so don’t wait and apply now!

    You'll achieve more when you join HSBC.