Big Bank Funding. FinTech Thinking.
Youl will join one the largest banking institutions in the world.
Their Technology teams work closely with the company’s global businesses to help design and build digital services that allow their millions of customers around the world; to bank quickly, simply and securely. They also run and manage their IT infrastructure, data centres and core banking systems that power the world’s leading international bank. Their multi-disciplined Technology teams include amongst others: DevSecOps engineers, IT architects, front and back-end developers, infrastructure specialists, cybersecurity experts, and delivery, project and programme managers.
Following extensive investment across their Technology and Digital domains and with plans for continued expansion throughout 2021 and beyond, their are currently seeking a Senior Analyst for “Threat and Controls Assessment”, to join the Cybersecurity team within Technology.
Brief overview of the business areas
Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well-understood, and that controls used the manage such events are defined, assessed and implemented appropriately. Cybersecurity deliver this via objective, independent, professional and specialized subject matter experts. The role forms part of the 1LoD in relation to risk management framework.
The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development, Threat and Controls Assessment (threat modelling) and Third Party Security Assessment. The function drives the identification, capture, assessment, testing and ultimately the remediation of security defects, gaps and vulnerabilities across the company’s estate in concert with business and technology teams – on premise, within the Cloud and resulting from 3 rd party engagements.
What you will be doing:
- The Threat and Controls Assessment Senior Analyst role will work as part of a global team to perform Threat
Modelling on the company’s services.
- This role will report into the Threats and Controls Assessment Regional Lead, closely collaborating with peers across
- Penetration Testing; Secure Development, Third Party Security Assessment and Cybersecurity business and
regional leads, enabling effective end-to-end vulnerability identification.
- Perform effective threat and control assessments of services within our internal, external and cloud estate.
- Liaise with Developers, Architects and other Technical Leads to understand the end to end service and identify where there are any control gaps.
- Understand the Business requirements, evaluate potential products / solutions and provide technical recommendations.
- Be “hands on” with technology and contribute to the design, development and the support of projects with security recommendations.
- Identify threats across the IT estate; including applications, databases, network and other infrastructure components.
- Engage with other Cybersecurity teams, senior management and members of the Business when confronted with potential security issues.
- Contribute to process, procedures and tool identification/development.
- Stay up to date with industry new trends and best practices.
- Proven experience in general security concepts and principles
- Hands on experience with threat modelling and strong technical understanding and experience of assessing vulnerabilities and identifying weaknesses in diverse enterprise IT assets
- Strong understanding of applications design and architecture
- Knowledge and experience with network, host and application security practices
- Strong understanding of Software Development Life Cycle (SDLC) with a focus on security
- Experience in continuous improvement and process optimisation.
- Understanding of emerging technologies and corresponding security threats
- Self-motivated individual with strong analytical and problem solving skills
- Knowledge and exposure of Risk and Control Management
- Ability to understand and assess both threats, controls and vulnerabilities, articulating these to both technical and business stakeholders
- Good working knowledge of one or more of the Cloud Service Providers – AWS, GCP or Azure
- Experience of working in international and diverse environments
- Experience in engaging with business, technology, regional and regulatory stakeholders
- Ability to communicate to key stakeholders – effectively translating technical gaps into business risk
- Desirable to have one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM or Cloud Security Certifications
They can offer:
- Excellent and positive work environment
- A stable role with a consistent set of responsibilities
- Career development prospects within the multi-national leading financial organization
- Private health care and employees’ benefits
- sharing the costs of sports activities, sharing the costs of foreign language classes, sharing the costs of professional training & courses, life insurance, retirement pension plan
Note: Prepare your CV in English (PDF), fill in the form, and apply! 🙂
Please include in your CV the following clause necessary for the recruitment process:
“I agree to the processing of personal data that I have made available voluntarily in the recruitment process by the Administrator of personal data, i.e. Dotcommunity Spółka z ograniczoną odpowiedzialnością [Ltd.] based in Cracow, 15 Żabiniec Street, 31-215 Cracow, registered in Poland, the Cracow’s District Court – Śródmieście, XI Commercial Division of the National Court Register under number 0000468484, VAT number: 9452174499, (“Dotcommunity”) in order to carry out the recruitment process for the Threat and Controls Assessment Senior Analyst on the basis of Art.6 item 1a of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”