HSBC Service Delivery (Polska) Sp. z o.o.

(Cybersecurity) Business Enablement Risk Lead

Offer parameters

salary not specified

contract of employment (full-time)

hybrid work
valid for 20 days
(until 24 Jun)
Recruitment open to Ukrainians
Kraków, Lesser Poland (Poland)
Kapelanka 42a

About the project

HSBC operates from over 3,900 offices in 67 countries, supporting 38 million customers in an increasingly digital offering that requires always on and secure operations of the technology estate.
The Cybersecurity team at HSBC is responsible for enabling businesses and functions to manage their Information and Cybersecurity risks as well as ensuring risks and controls are assessed and implemented appropriately, objectively and independently through specialized subject matter experts.
The CST Business Engagement risk lead is a role within the Cybersecurity Strategy & Transformation (CST) function of the Cybersecurity team. The role holder will interface and work closely with the relevant stakeholders within the Cybersecurity Business Enablement (CBE) function and will contribute to delivering the CST Business Enablement framework and operating model going forward.

Your responsibilities

  • The CST Business Engagement risk lead will drive and deliver the following services in conjunction with the CST team and individual Global Business/Global Function/Regional (GB/GF/Regional) CBE teams:
  • Work with control and service owners to agree strategy, roadmap and architecture business cases to meet GB/GF/Reg needs
  • Work with the strategy and architecture team, risk and control owners, GRC and CBE team (BISOs, RISOs, Cyber delivery and consulting leads) to identify global gaps or opportunities for improvement, highlighted in audits and emerging from evolving regulatory requirements.
  • Assist Cybersecurity capability leads/ Product Owners/ project teams to prioritise demand based on GB/GF/Reg risk return on investments, change feasibility and the mandatory nature of change (regulations).
  • Liaise with CBE delivery and consulting leads in respective GB/GF/Reg to identify requirements and strategy for central change initiatives.
  • Gather CISO, strategy, architecture and GB/GF requirements from regions and business via the CBE teams within respective GB/GF/Reg (for example by participating in their Business Cyber Defense forums, Business-Cyber delivery forums, RCMMs etc.). Via the CBE team, understand local business strategy and direction, with a focus on information security as input to the development of the transformation and strategic plans. Liaise with the Strategy and Service Management team within CST to assist with overall business case development and investment planning.
  • Support change programme management in relation to GB/GF/Reg:
  • Support coordination and facilitate discussion between Cybersecurity capability leads/ Product Owners/ project teams; technology and the CBE team (BISOs, RISOs, Cyber delivery and consulting leads) to define qualitative and quantitative benefits of the change.
  • Assist Cybersecurity capability leads/ Product Owners/ project teams to understand the path of adoption for the work they are doing.
  • Work with Cybersecurity capability leads/ Product Owners/ project teams to ensure strategies, roadmaps and architecture meet requirements from CBE teams
  • Support and facilitate the Business Case (Investment Feasibility) development process and support in relevant approval/ sign off. Work with CBE team (RISO & BISO, cyber delivery and consulting leads) to manage stakeholders within GB/GF/Reg.
  • Coordinate change delivery/ deployment across recipients of change (i.e. regional control owners):
  • Work with Cybersecurity capability leads/ Product Owners/ project teams and Service Owners to assist with the development of the Operational Readiness plan (i.e. BAU embedment) for the GB/GF/Reg within the change releases.
  • Ensure clear traceability of delivery to outcomes, risks and control improvements. Engage with CBE teams (RISO’s, BISO’s, Delivery and Consulting leads), CRCS Pods owners along with the Cybersecurity capability leads/ Product Owners/Value Stream Lead/ Project teams; to deliver clear business benefits around project scope, progress, control uplift maturity, regulatory outcomes and overall benefits in business friendly language.
  • Ensure escalation for CBE and project teams and support with unblocking change delivery/ adoption issues for their respective assigned areas of CBE business and regions. Also provide specialist advice/ business context as it pertains to the GB/GF/Reg.
  • Support the proactive management of risks for delivery, operational and implementation rollout for business/regions within the Cybersecurity Sub-Value Stream (SVS) and Platforms, through coordination and collaboration with capability leads/ Product Owners/ project teams and Portfolio Mgmt. team and CBE teams (RISO’s, BISO’s, Delivery and Consulting leads)
  • Assist the delivery teams and Cybersecurity capability leads/ Product Owners/ project teams in ensuring that the production of work is accounted and planned for as part of portfolio delivery.

Our requirements

  • Good Risk and Controls understanding
  • Knowledge of and exposure to Cybersecurity Risk and Control Management
  • Experience of translating difficult IT concepts into business language;
  • Experience with Technology risks and controls related to Cybersecurity
  • Strong programme and project management/ business analysis background
  • Experience of project management principles or have a relevant Project Management qualification (e.g. PRINCE2, Agile);
  • Experience with Project Management Tools (such as Clarity, JIRA)
  • Technical background
  • Excellent cybersecurity knowledge; Understanding of Cybersecurity concepts such as threats, vulnerabilities, attack vectors, inherent/residual risk;
  • Understanding metrics and measures in managing risks and controls (KPIs, KCIs, KRIs);
  • Familiarity with the NIST Cyber Security Framework (CSF);
  • Understanding of regulatory landscape.
  • Strong stakeholder management and communications skills
  • Experience of working at an operational level in international environments;
  • Experience in managing stakeholders;
  • Experience in creating and reviewing executive reports (up to board level);
  • Experience of setting and assuring delivery quality criteria for cybersecurity delivery including strategies, roadmaps, architecture and plans
  • Experience in dealing with senior management, internal/ external audit, business and wide array of global stakeholders.
  • Team-oriented mentality combined with ability to complete tasks independently to a high quality standard
  • Experience within fast-moving, complex and demanding corporate environments that run large Cybersecurity change programmes/ portfolios of work needing engagement with complex stakeholders across the lifecycle, i.e. requirement gathering, development, deployment/ embedding, benefit realisation and feedback.


  • Experience with GRC Tools (such as HELIOS, ServiceNow, Archer)


  • sharing the costs of sports activities
  • private medical care
  • sharing the costs of foreign language classes
  • sharing the costs of professional training & courses
  • life insurance
  • remote work opportunities
  • flexible working time
  • integration events
  • corporate sports team
  • doctor’s duty hours in the office
  • retirement pension plan
  • corporate library
  • no dress code
  • video games at work
  • coffee / tea
  • parking space for employees
  • leisure zone
  • extra social benefits
  • employee referral program
  • opportunity to obtain permits and licenses
  • charity initiatives
  • family picnics
  • extra leave

Recruitment stages

  • 1. Online assessment
  • 2. Phone interview
  • 3. Zoom interview
  • 4. Welcome to HSBC!

HSBC Service Delivery (Polska) Sp. z o.o.

HSBC is one of the world’s largest banking and financial services organisations. Our global businesses serve more than 40 million customers worldwide through a network that covers 63 countries and territories.
HSBC Service Delivery (Polska) Sp. z o.o. is HSBC's global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year.
Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.

Thank you for your interest in HSBC. Before you apply, please note that we will take into consideration only applications that include the following statement: “I hereby declare that I have familiarised myself with the Privacy Statement for Applicants published at and I give my consent to use my personal data included in my application for the purposes of recruitment in HSBC Service Delivery (Polska) Sp. z o. o. according to the rules described in the Privacy Statement for Applicants, as per the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).” Due to the high number of applications, we reserve the right to contact selected candidates only. In case you would like to resign from participation in the recruitment process or withdraw a previously sent application, please email us at: [email protected]