HSBC Service Delivery (Polska) Sp. z o.o.

(Cybersecurity) Threat and Controls Assessment Specialist

Offer parameters
hybrid work
Recruitment open to Ukrainians
Kraków, Lesser Poland (Poland)
Kapelanka 42a

About the project

Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well understood, and that controls used to manage such events are defined, assessed and implemented appropriately. Cybersecurity delivers this via objective, independent, professional and specialized subject matter experts. The role forms part of the 1LoD in relation to the risk management framework.
The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development, Threat and Controls Assessment (threat modelling) and Third Party Security Assessment. The function drives the identification, capture, assessment, testing and ultimately the remediation of security defects, gaps and vulnerabilities across HSBC’s estate in concert with business and technology teams – on premise, within the Cloud and resulting from 3rd party engagements.

Your responsibilities

  • The Threat and Controls Assessment Specialist role will work as part of the global team to perform Threat Modelling on HSBC services.
  • This is a senior role reporting into the Threats and Controls Assessment Regional Lead, closely collaborating with peers across Penetration Testing, Secure Development, Third Party Security Assessment and Cybersecurity business and regional leads, enabling effective end-to-end vulnerability identification.
  • Perform effective threat and control assessments for complex services and platforms across the HSBC estate. This will include cloud platform reviews for Azure, AWS and GCP
  • Liaise with developers, architects and other technical leads to understand the end to end service and identify where there are any control gaps
  • Work with the CSAT management team to enhance the Threats and Controls Assessment Service.
  • Provide supervision and guidance, and mentor less experienced members of the global team
  • Act as a point of contact and source of advice on issues relating to Cybersecurity within the team

Our requirements

  • Mindset
      • An inquisitive approach, always asking how to achieve goals in a smarter and more effective way
      • An ability and interest to learn and experiment with new approaches to vulnerability management, in different contexts, across the amazing scale that HSBC brings.
      • Stay up to date with new industry trends and best practices
  • Good Risk and Controls understanding
      • Knowledge of and exposure to Risk and Control Management
      • Ability to understand and assess threats, controls and vulnerabilities, articulating these to both technical and business stakeholders.
      • Knowledge of different frameworks and methodologies including Threat Modelling using STRIDE and the MITRE ATT&CK Framework.
  • Strong Technical background
      • Expert hands-on knowledge in one or more of the main Cloud Service Providers – Azure, AWS or GCP
      • Proven experience in general security concepts and principles and application-specific security concepts and principles.
      • Hands-on experience with threat modelling and strong technical understanding and experience of assessing vulnerabilities and identifying weaknesses in diverse enterprise IT assets
      • Strong understanding of application design and architecture
      • Strong understanding of Software Development Life Cycle (SDLC) with a focus on security
      • Knowledge and experience with network, host and application security practices
      • Understanding of emerging technologies and corresponding security threats
  • Strong stakeholder management and communications skills
      • Experience in engaging with business, technology, regional and regulator stakeholders
      • Ability to communicate to executive leadership – effectively translating technical gaps into business risk
      • Ability to prepare concise presentations and updates for senior management


  • Desirable to have one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM or Cloud Security Certifications
  • Proven experience working in a large scale, multi-national and technologically diverse environment

What we offer

  • Employees’ benefits: Multisport Card, private medical and dental health care, life insurance
  • Flexible working model
  • Free parking space for our employees – a few minutes from the office
  • Internal training events and workshops
  • Budget for external trainings


  • sharing the costs of sports activities
  • private medical care
  • sharing the costs of foreign language classes
  • sharing the costs of professional training & courses
  • life insurance
  • remote work opportunities
  • flexible working time
  • integration events
  • corporate sports team
  • doctor’s duty hours in the office
  • retirement pension plan
  • corporate library
  • no dress code
  • video games at work
  • coffee / tea
  • parking space for employees
  • leisure zone
  • extra social benefits
  • employee referral program
  • opportunity to obtain permits and licenses
  • charity initiatives
  • family picnics
  • extra leave

Recruitment stages

  1. Phone interview
  2. Online assessment
  3. Zoom interview
  4. Welcome to HSBC!

HSBC Service Delivery (Polska) Sp. z o.o.

HSBC is one of the world’s largest banking and financial services organisations. Our global businesses serve more than 40 million customers worldwide through a network that covers 63 countries and territories.
HSBC Service Delivery (Polska) Sp. z o.o. is HSBC's global finance, operations, risk and technology centre. We use our unique expertise and capabilities to provide specialised services – our people range from technologists transforming the banking experience to operations professionals managing 1.7 trillion payments a year.
Our Purpose – Opening up a world of opportunity – explains why we exist. We are bringing together the people, ideas and capital that nurture progress and growth, helping to create a better world – for our customers, our people, our investors, our communities and the planet we all share.

Thank you for your interest in HSBC.

Before you apply, please note that we will take into consideration only applications that include the following statement:

“I hereby declare that I have familiarised myself with the Privacy Statement for Applicants published at and I give my consent to use my personal data included in my application for the purposes of recruitment in HSBC Service Delivery (Polska) Sp. z o. o. according to the rules described in the Privacy Statement for Applicants, as per the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).”

Due to the high number of applications, we reserve the right to contact selected candidates only.

In case you would like to resign from participation in the recruitment process or withdraw a previously sent application, please email us at: [email protected]
