About the project:
The role requires the ability to translate technical Cybersecurity concepts into consumable
language for the business stakeholders. The role holder supports the Region/ Country Leader to
support the RISO to drive continuous assessment and improvement of cybersecurity and information
security risk in-country in line with the Bank’s risk appetites and a constantly evolving cyber-threat
The role holder is expected to support the execution of the Global Cybersecurity strategy through
various programmes by collaborating with the central Cybersecurity functions, Cybersecurity teams
within the region, and various stakeholders across the business.
Scope of Coverage
• The Country Manager is expected to work with the Region/ Country Lead and is a key point
of contact for supporting the management of Information and Cybersecurity risks and
controls (including cyber owned and non-cyber owned controls), relating to their
governance, operation, monitoring and reporting.
Governance & Reporting
• Provide Information Security monitoring and risk reporting for the respective Countries,
ensuring all Cybersecurity related activities within the allocated area are shared with the
Region/ Country Lead in a timely manner.
o Support the Region/ Country leader to collaborate with the COO, CIO and the Heads
of Technology functions in the respective Region/ Country to manage information
security risks and maintain an effective cybersecurity control environment.
o By leveraging the global reporting capabilities, support the ongoing process of
providing monthly updates on the Cybersecurity control environment to drive
Cybersecurity control improvement initiatives.
o Provide assistance on all Cybersecurity related activities for respective
Country/Region regardless of which organisation delivers that security service.
o Work closely with the Region/ Country Lead to ensure all Country/Regional
requirements are provided to the central Cybersecurity function so that there is
sufficient coverage and prioritisation within change programmes and initiatives.
o Track and report on business-critical Cybersecurity strategic transformation
o Help prepare the Country Lead in providing status updates to the RISO who
represents Cybersecurity in relevant management and governance forums, e.g. Risk
Management Meeting (RMM), IT Control Environment Management Meeting (CEMM),
Cyber Security CEMM, Info Security Risk Working and Steering Group, Audit and Risk
• Align with existing governance structure and drive improvement for the management of
information security and cybersecurity controls (both cyber owned and non-cyber owned)
for the respective Region/ Country.
• Support the Region/ Country Lead to deliver the Global Cybersecurity strategy for the
respective Region/ Country ensuring local requirements are considered.
• Support the Region/ Country Lead to build and manage local plans and budgets which
identify value and cost reduction opportunities.
• Promote Cybersecurity awareness within the Region/ Country.
• Support clear reporting of Region/ Country initiatives, threat intelligence, etc. to improve
the overall perception of Cybersecurity as an enabler for business.
Information Security Risk Management & Remediation
• Understanding and articulating risks in the respective Region/ Country by having a clear
understanding of the Region/ Country’s critical assets, threats/vulnerabilities and
information security risk levels based on globally established control requirements and local
or jurisdictional requirements.
• Work collaboratively with the Region/ Country Leader to support the information security
and cybersecurity risk management and remediation activities for the respective Region/
• Help the Region/ Country Leader in articulating to senior management in the business and
technology teams the risk they are making a decision on or accepting while performing
business. Ensure risk sits within defined appetite and that it is cascaded up to the RISO in a
• Incident Management
o Support the Region/ Country Leader by collaborating with stakeholders in
respective Region/ Country to support the resolution / remediation of all major
o Help assess the impact of major incidents on respective Region/ Country; alongside
the Region/ Country Leader work with the RISO and Global Cybersecurity service
lines on action plans to minimise impact.
• Work with the Region/ Country Leader, RISO and peers to meet common Region/ Country
goals, linked to the risk framework i.e. operational risk simulations, major incident group
(MIG) exercises, cyber-enabled fraud collaboration, data security reporting, exceptional
access and risk reviews of regional business initiatives.
Secure Business Transformation
• Partner with the business to help them achieve their strategic objectives by ensuring that
cybersecurity services provided are fit for purpose. Understand business/ regional/ country
strategies and requirements and ensure business requirements are incorporated within the
cyber global investment/ transformation programme.
• Support secure business transformation initiatives, including business led projects,
divestitures, mergers and acquisitions within the respective Region/ Country as applicable
while ensuring that new capabilities and entities are setup securely and adopted efficiently
in the respective Region.
• Communicate effectively to team members the importance of adherence to cybersecurity
controls and enable/ facilitate access to existing cybersecurity services to support the
• Identify requirements that need to be addressed by local team members and ensure they are
captured by central Cybersecurity functions within their change initiatives/ programmes.
• Support the Region/ Country Leader to oversee the implementation and gap assessments of
global, regional and local initiatives for respective Region/ Country.
Regulatory Compliance and Industry and Customer Engagement
• Support the Region/ Country Leader’s responsibility to drive management and reporting of
regulatory compliance requirements for cybersecurity and information security controls in
the respective region/ country by collaborating with Cybersecurity central functions.
• Ensure adherence to the three lines of defence organisational model with clear lines of
responsibility, accountability and segregation of duties.
• Support the Region/ Country Leader with maintaining compliance for any organisational
changes by ensuring they are fit-for-purpose and meet internal audit and external
• Be a point of contact and liaison to the region/ country’s legal entities for regulatory, audit
and external security engagements (where required).
Team & Stakeholder Management
• Establish strong stakeholder relationships within the assigned Region/ Country.
Business/Function support and Conduct
• Work with the Compliance department to implement the Compliance Policy and to contain
compliance risk. The term ‘compliance’ embraces all relevant financial services laws, rules
and codes with which the Region must comply.
• Adhere to and be able to demonstrate adherence to internal controls.
• Ensure compliance with all relevant internal instructions (FIMs, GSMs, circulars) and
external regulatory requirements, including the management of operational risk and
adherence to the Group’s standards of ethical behaviour.
• Customer focus. Help lead from the front a customer-centred culture, championing
activities encouraging outstanding customer advocacy. Proactively seek opportunities to
maximise Cybersecurity to improve region/country/service line operations.
• Understanding markets and customers. Understands the financial services industry security
and threat landscape. Analyses, interprets and communicates developments in the
customer’s and business segment’s local marketplace. Have an in-depth understanding of
the business and the related threat landscape to enhance cybersecurity resilience and
enable / influence strategic business decisions as applicable.
Customers / Stakeholders
• Strengthening stakeholder relationships. Cultivates strong relationships with
organisationally important global and local stakeholders with a tailored approach.
Leadership & Teamwork
• Support creating a collaborative environment within the team, and externally with other
teams (such as IT, risk).
• Help lead the Cybersecurity agenda within the respective Region/ Country.
• Provide specialist knowledge and experience to influence the regional/ Country strategic
agenda, ensuring alignment to Cybersecurity and business/ regional objectives and goals.
Operational Effectiveness & Control
• Endorse and ease the adoption of efficient processes for the Region/ Country. Adopt and
roll-out global tools and processes when available. Understand the global Cybersecurity
expectations and drivers, to align frameworks. Engage with global teams to perform global
• Managing local risk and control framework. Track and remediate any issue, finding or
recommendation. Contribute when required to local RCA, MSII.
• Minimum Bachelor Degree and/or experience in IT security governance and operational
processes, preferably in the Financial Services industry or global corporate service provider
• Background – desirable but NOT essential experience in one or more of risk management,
• Qualifications – one or more industry-recognised cybersecurity-related certifications
required (as per Regional Regulatory Requirements) including ISO270001, CISA, CISM, CISSP,
• Availability to travel (if required) for this role, i.e. travel within country as well as
occasional international travel
• Positive and professional attitude, team player, flexible and adaptable, open to change(s)
• Confident and takes responsibility and ownership for work and personal development
• Good spoken and written communication and ability to adapt style based on audience
(Fluent in spoken / written English)
• Ability to communicate technical subject matter to non-technical stakeholders
• Previous experience of delivering excellent customer service
• Ability to quickly develop good working relationships with stakeholders
• Ability and self-motivation to learn and pick things up quickly
• Stable and interesting job in professional team with international exposure
• Friendly and welcoming culture
• Access to professional training and professional qualifications
• Strong support in professional development of people to enable them to progress their
careers both locally and/or internationally
• Consistent scope of responsibilities
• Private health care, employees’ benefits
Note: Prepare your CV in English (PDF), fill in the form, and apply!
Please include in your CV the following clause necessary for the recruitment process:
“I agree to the processing of personal data that I have made available voluntarily in the recruitment process by the Administrator of personal data, i.e. Dotcommunity Spółka z ograniczoną odpowiedzialnością [Ltd.] based in Cracow, 15 Żabiniec Street, 31-215 Cracow, registered in Poland, the Cracow’s District Court – Śródmieście, XI Commercial Division of the National Court Register under number 0000468484, VAT number: 9452174499, (“Dotcommunity”) in order to carry out the recruitment process for the Cyber Delivery Manager position on the basis of Art.6 item 1a of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”