The bank operates from over 3,900 offices in 67 countries, supporting 38 million customers in an increasingly digital offering that requires always on and secure operations of the technology estate.
The Cybersecurity team in the company is responsible for enabling businesses and functions to manage their Information and Cybersecurity risks as well as ensuring risks and controls are assessed and implemented appropriately, objectively and independently through specialized subject matter experts.
The CST Business Engagement risk lead is a role within the Cybersecurity Strategy & Transformation (CST) function of the Cybersecurity team. The role holder will interface and work closely with the relevant stakeholders within the Cybersecurity Business Enablement (CBE) function and will contribute for delivering the CST Business Enablement framework and operating model going forward.
The CST Business Engagement risk lead within CST will drive and deliver the following services in conjunction with the CST team and individual GB/GF/Regional CBE teams;
Meet GB/ GF/ Reg requirements
- Work with control and service owners to agree strategy, roadmap and architecture business cases to meet GB/GF/Reg needs
- Work with the strategy, architecture team, , risk and control owners, GRC and CBE team (BISOs, RISOs, Cyber delivery and consulting leads) to identify global gaps or opportunities for improvement, highlighted in audits and emerging from evolving regulatory requirements.
- Assist Cybersecurity capability leads/ Product Owners/ project teams to prioritise demand based on GB/GF/Reg risk return on investments, change feasibility and the mandatory nature of change (regulations).
- Liaise with CBE delivery and consulting leads in respective GB/GF/Reg to identify requirements and strategy for central change initiatives.
- Gather CISO, strategy, architecture and GB?GF requirements regions and business via the CBE teams within respective GB/GF/Reg. (for example by participating in their Business Cyber Defence forums, Business-Cyber delivery forums, RCMM’s etc.) Via the CBE team, understand local business strategy and direction, with focus on information security as input in development of the transformation and strategic plans. Liaise with Stratgey and Service Management team within CST to assist with overall business case development and investment planning.
Support change programme management in relation to GB/GF/Reg
- Support coordination and facilitate discussion between Cybersecurity capability leads/ Product Owners/ project teams; technology and the CBE team (BISOs, RISOs, Cyber delivery and consulting leads) to define qualitative and quantitative benefits of the change.
- Assist Cybersecurity capability leads/ Product Owners/ project teams to understand the path of adoption for the work they are doing.
- Work with Cybersecurity capability leads/ Product Owners/ project teams to ensure strategies, roadmaps and architecture meet requirements from CBE teams
- Support and facilitate the Business Case (Investment Feasibility) development process and support in relevant approval/ sign off. Work with CBE team (RISO & BISO, cyber delivery and consulting leads) to manage stakeholders within GB/GF/Reg.
Coordinate change delivery/ deployment across recipients of change (i.e. regional control owners)
- Work with Cybersecurity capability leads/ Product Owners/ project teams and Service Owners to assist with the development of the Operational Readiness plan (i.e. BAU embedment) for the GB/GF/Reg within the change releases.
- Ensure clear traceability of delivery to outcomes, risks and control improvements. Engage with CBE teams (RISO’s, BISO’s,
- Delivery and Consulting leads), CRCS Pods owners along with the Cybersecurity capability leads/ Product Owners/Value.
- Stream Lead/ Project teams; to deliver clear business benefits around project scope, progress, control uplift maturity, regulatory outcomes and overall benefits in business friendly language.
- Ensure escalation for CBE and project teams and support with unblocking change delivery/ adoption issues for their respective assigned areas of CBE business and regions. Also provide specialist advise/ business context to the as it pertains to the GB/GF/ Reg.
- Support the proactive management of risks for delivery, operational and implementation rollout for business/regions within the Cybersecurity Sub-Value Stream (SVS) and Platforms, through coordination and collaboration with capability leads/ Product Owners/ project teams and Portfolio Mgmt. team and CBE teams (RISO’s, BISO’s, Delivery and Consulting leads)
- Assist the delivery teams and Cybersecurity capability leads/ Product Owners/ project teams in ensuring that the production of work is accounted and planned for as part of portfolio delivery.
- Communicate with all key stakeholders so that they understand, are aware and supportive of the agile framework.
Validation of benefit achieved and feedback
- Appropriate handover to operations of ongoing engagement with CBE teams (RISO’s, BISO’s, Delivery and Consulting leads) and technology stakeholders within GB/GF/Reg to gauge benefits realised post movement of change to Operations.
- Gather feedback and further requirements to share back with Cybersecurity capability leads/ Product Owners/ project teams; Portfolio Mgmt.; and overall CST leadership.
- Contribute to the creation of Outcomes and Key Results (OKR) for Cybersecurity and support the leadership in understanding the realisation of these outcomes, and in adjusting work in progress to better serve OKR realisation.
To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills:
Good Risk and Controls understanding
- Knowledge and exposure of Cybersecurity Risk and Control Management
- Experience of translating difficult IT concepts into business language;
- Experience with Technology risks and controls related to Cybersecurity
Strong progamme and project management/ business analysis background
- Experience of project management principles and have a relevant Project Management qualification (e.g. PRINCE2, Agile);
- Experience of project delivery using Agile methodology;
- Experience with Project Management Tools (such as Clarity, JIRA)
- Excellent cybersecurity knowledge; Understanding of Cybersecurity concepts such as threats, vulnerabilities, attack vectors, inherent/residual risk;
- Understanding metrics and measures in managing risks and controls (KPIs, KCIs, KRIs) is a must;
- Familiarity with the NIST Cyber Security Framework (CSF) required;
- Experience with GRC Tools (such as HELIOS, ServiceNow, Archer) is a plus;
- Understanding of regulatory landscape.
Strong stakeholder management and communications skills
- Experience of working at an operational level in international environments that drive a international perspective;
- Experience in managing stakeholders in different geographies;
- Experience in creating and reviewing executive reports (up to board level);
- Experience of setting and assuring delivery qulaity criteria for cybersecurity delivery inlcuding strategies, roadmaps, architecture and plans
- Experience in dealing with senior management, internal/ external audit, business and wide array of global stakeholders.
Team-oriented mentality combined with ability to complete tasks independently to a high quality standard
- Experience within fast-moving, complex and demanding corporate environments that run large Cybersecurity change programmes/ portfolio of work needing engagement with complex stakeholder across the lifecycle i.e. requirement gathering, development, deployment/ embedding, benefit realisation and feedback.
- Influential, credible and persuasive, active listener, embraces the company’s Values, shows good judgement and demonstrating high level of communication skills in order to achieve effective stakeholder management.
They can offer:
- Excellent and positive work environment
- A stable role with a consistent set of responsibilities
- Career development prospects within the multi-national leading financial organization
- Private health care and employees’ benefits
- sharing the costs of sports activities, sharing the costs of foreign language classes, sharing the costs of professional training & courses, life insurance, retirement pension plan
Note: Prepare your CV in English (PDF), fill in the form, and apply!
Please include in your CV the following clause necessary for the recruitment process:
“I agree to the processing of personal data that I have made available voluntarily in the recruitment process by the Administrator of personal data, i.e. Dotcommunity Spółka z ograniczoną odpowiedzialnością [Ltd.] based in Cracow, 15 Żabiniec Street, 31-215 Cracow, registered in Poland, the Cracow’s District Court – Śródmieście, XI Commercial Division of the National Court Register under number 0000468484, VAT number: 9452174499, (“Dotcommunity”) in order to carry out the recruitment process for the CST – GBGFR Business Enablement Risk Lead position on the basis of Art.6 item 1a of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”
Dotcommunity jest zarejestrowana w Rejestrze agencji zatrudnienia (KRAZ) pod numerem 9904.