ABOUT THE PROJECT
Whilst the job holder will be based in Krakow, Poland, this is a Global role covering Global Cybersecurity Controls applicable to all countries and legal entities.
The Cybersecurity Controls Design Manager will play a key role in the design and maintenance of the Cybersecurity control environment. The role holder will be tasked with defining and maintaining operational control instances and their measurements, as well as Policies, Procedures and Standards for Group Cybersecurity.
- Working with the Control Owners, 2LoD and CCO Technology to ensure that the Cybersecurity owned controls in the Risk and Controls Library are designed according to the Bank’s requirements and industry standards and best practices (e.g. NIST 800-53);
- Working with the Control Owners and other stakeholders to ensure that Cybersecurity control measurements are defined in accordance with our client’s KCI Design Framework and industry best practices (CIS);
- Working with CRCS teams to ensure that the defined controls are compliant with Legal/Regulatory Mandatory requirements and that measurements provide sufficient data for stakeholder reports;
- Design, manage and maintain Policies, Procedures and Standards for Cybersecurity controls, covering all areas across Engineering, Operations and Security Assessment and Testing.
SKILLS & EXPERIENCE THEY REQUIRE
- Strong Risk and Controls Background:
– Significant subject matter expertise in Control Management. This includes but is not limited to controls design and implementation and control assessment;
– Ability to translate difficult IT concepts into business-friendly language;
– Experience with Technology risks and controls.
- Technical background:
– Knowledge of Cybersecurity: at least generalist level, with specialist area expertise welcome. A good understanding of the Identity and Access domain will be a plus;
– Possession of recognized certificates will be an advantage;
– Understanding of metrics and measures in managing risks and controls (KCIs, KRIs, KPIs) is a must;
– Technical writing skills and highly proficient use of written English are required to ensure quality output for Control, Policies, Procedure and Standards design and maintenance.
- Strong stakeholder management and communications skills
– Experience of working at an operational level in international environments which drive a true international perspective;
– Managing stakeholders including the Group CISO, Cybersecurity Leadership and staff, Chief Controls Office and 2LoD Resilience Risk teams.
- Team-oriented mentality combined with ability to complete tasks independently to a high quality standard
– Experience within fast-moving, complex and demanding corporate environments where Cybersecurity controls issues have to be handled on a large scale and with a need to multi-task whilst dealing with ambiguity and change.
- Interpersonal Skills
– Influential, credible and persuasive, an active listener, embraces our client’s Values, shows good judgement and demonstrates a high level of communication skills in order to achieve effective stakeholder management.
OPTIONAL/NICE TO HAVE
- Familiarity with NIST 800-53 would be beneficial;
- Knowledge of Centre for Internet Security (CIS) Measures and Metrics is a plus;
- Experience with GRC Tools is a plus.
WHAT THEY OFFER
- This role is within the 1st Line of Defense and will play a key role in the development of a new, data-driven control environment that will provide Technology and the Business with a better understanding of their exposure to risk and the effectiveness of protective measures deployed by our client’s Cybersecurity function.
- The role holder will provide technical expertise in designing the overall controls environment and guidance on the definition of key metrics and all supporting documentation (Policies, Procedures and Standards).
Note: Prepare your CV in English (PDF), fill in the form, and apply! 🙂
Please include in your CV the following clause necessary for the recruitment process:
“I agree to the processing of personal data that I have made available voluntarily in the recruitment process by the Administrator of personal data, i.e. Dotcommunity Spółka z ograniczoną odpowiedzialnością [Ltd.] based in Cracow, 15 Żabiniec Street, 31-215 Cracow, registered in Poland, the Cracow’s District Court – Śródmieście, XI Commercial Division of the National Court Register under number 0000468484, VAT number: 9452174499, (“Dotcommunity”) in order to carry out the recruitment process for the Cybersecurity Control Design Manager position on the basis of Art.6 item 1a of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).”
Dotcommunity is registered in the Register of Employment Agencies (KRAZ) under the number 9904.