If you’re looking for a career that will help you stand out, join the company and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, they offer opportunities, support and rewards that will take you further.
Your career opportunity:
Global Operational and Resilience Risk (ORR) is a sub-function of Group Risk. Its purpose is to make sure the company understands and is in control of its non-financial risk position. In addition, the function provides resilience risk stewardship to global businesses, functions, and entities we operate in.
The Cloud Security Risk Role drives risk management oversight of the company's use of information technology provided either by the company Technology function or third parties, focused on cloud adoption and provision. This role will closely interact with control owners and Technology teams in the 1st Line of Defence, providing oversight and challenge as to the bank’s secure use of cloud-related technologies against various internal and external information and cyber security threats, and whether plans to mitigate related risks are appropriately robust and sufficient.
This is a technical role and requires a combination of hands-on experience in cloud technology and cyber security risk consultancy. The audience will include Technology and non-technical stakeholders.
What you’ll do:
- Provide Technical SME oversight of the continuous monitoring for Cloud Platforms Risk and Controls. For example: challenge and validate the shared platform’s controls design, operation, effectiveness rationale, oversight of mandatory procedure and adherence to operating instructions, KCI definitions and execution, continuous monitoring plan and issue/action updates; assess overall security operational readiness per platform.
- Provide Technical SME support for critical business cloud adoption including workloads (direct use of cloud on org. managed cloud platform; indirect use on cloud SaaS workloads) by providing technical opinion on the workloads' control designs (sampling IAM role permissions, configuration design/settings), and cloud risk assessment (threat modelling, pen testing) depth and quality prior to going live.
- Provide Technical security opinion to risk and control owners, to ensure effective policy compliance, help identify improvements, share best practices and respond to issues and cloud incidents. For example, providing SME guidance on security baseline for native cloud products prior to adoption by IT Developers, monitoring and assessing deviation from cloud native products security patterns.
- Regularly and formally document and communicate information and cyber technology risk observations, and ensure risk management items are appropriately captured in Group’s operational risk management systems (i.e. HELIOS).
- Offer SME support on the newly designed cloud journey approval process, technical opinion on the adequacy of exit planning, metrics for measuring risk aggregation in cloud and risk assessment methodology for cloud workload and platform.
- Offer opinion on the suitability of native Cloud security tooling vs 3rd party vendor security tooling, e.g. container scanning, federated IAM for control improvements.
- Attend project steer-cos, workshops, provide independent reporting, packs and evidence for internal and external audit.
- Coordinate activities across stakeholders.
- Provide a periodic 2LOD view of the cloud platform's top security concerns, maturity, and operational readiness for non-technical stakeholders.
What you need to have to succeed in this role:
- Strong level of business knowledge and Cloud security risk expertise.
- Strong level of risk management knowledge and relevant experience.
- Comprehensive knowledge of the internal control environment.
- Academics: Graduate or Postgraduate in Computer Engineering or related field.
- Overall experience of 13+ years.
- Should have worked in banking & risk environment.
What we offer:
- Competitive salary
- Annual performance-based bonus
- Additional bonuses for recognition awards
- Multisport card
- Private medical care
- Life insurance
- One-time reimbursement of home office set-up (up to 800 PLN)
- Corporate parties & events
- CSR initiatives
- Nursery and kindergarten discounts
- Language classes
- Financial support with trainings and education
- Social fund
- Flexible working hours
- Free parking
Note: Prepare your CV in English (PDF), fill in the form and apply!
Please include in your CV the following clause necessary for the recruitment process:
I agree to the processing of personal data that I have made available voluntarily in the recruitment process by the Administrator of personal data, i.e. Dotcommunity Spółka z ograniczoną odpowiedzialnością [Ltd.] based in Cracow, 15 Żabiniec Street, 31-215 Cracow, registered in Poland, the Cracow’s District Court – Śródmieście, XI Commercial Division of the National Court Register under number 0000468484, VAT number: 9452174499, (“Dotcommunity”) in order to carry out the recruitment process for the Resilience Risk Specialist, Cloud Resilience Risk SME position on the basis of Art.6 item 1a of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Dotcommunity is registered in the Register of Employment Agencies (KRAZ) under number 9904.