Head of Penetration Testing (Warsaw | Kraków)

Offensive Security provides an independent challenge to HSBC’s cybersecurity posture by bringing the attacker’s mindset to find and exploit vulnerabilities and to simulate real-world attacks. Through this, OffSec discover weaknesses across people, process, and technology, enabling the Firm to better understand its exposure to cybersecurity attacks and to drive a proactive approach to protect itself and to manage risk more effectively.

The Head of Penetration Testing leads all SME-led penetration testing activities across HSBC, including the delivery of requirements under the Firm’s cybersecurity controls and to meet regulatory requirements.They are responsible for understanding the threats to HSBC and its customers, and to continueously evolve penetration testing methodologies to identify vulnerabilities in production and pre-production systems, and to support HSBC Technology teams to remediate these vulnerabilities and better protect itself for the future.

Responsibilities:

• Overall accountability for the global penetration testing team team of circa 65 staff across 6 countries.
• Accountable for the delivery of penetration testing to meet the requirements of HSBC’s cybersecurity controls, auditors, and global regulators.
• Responsible for ensuring penetration testing is well scoped with clearly defined objectives, and delivered on time through an approach that scales and minimises operational risk.
• Responsible for maintaining Penetration Testing methodologies to ensure they are kept up-to-date given threat actor techniques and procedures, and the shifting technology landscape within HSBC.
• Accountable for the delivery of the change and continuous uplift across penetration testing.
• Global Control Operator for Penetration Testing under VIAO.3 (Offensive Security) control and protecting the bank’s technology, information, and customers.
• Developing and maintaining a highly skilled and efficient global team of subject matter experts in offensive security testing, that focuses on continuous improvements of vulnerability discovery methodologies.
• This role holder will engage with a diverse set of stakeholders in order to achieve the objectives of the penetration testing programme, including Business and Functions, Cybersecurity Leads, Heads of Cybersecurity functions, Control Owners, and Regulators.

Requirements:

• Proven experience in delivering high quality Penetration Tests across Web, APIs, Infrastructure, and Mobile.
• Experience leading teams of Penetration Testers, and supporting these teams to manage the delivery of a large volume of penetration tests.
• Experience working in highly sensitive projects and a highly regulated environment.
• Excellent communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders.
• Experience in a leadership position with a cybersecurity team to include team and capability development, staff development, career management, and recruitment.
• Excellent understanding of cybersecurity principles, global financial services business models, regional regulations and applicable laws.
• Formal education and advanced degree in Information Security, Cybersecurity, Computer Science or similar and/or commensurate demonstrated work experience in the same.

What you’ll get with us:

• Competitive salary
• Annual performance-based bonus
• Additional bonuses for recognition awards
• Multisport card
• Private medical care
• Life insurance
• One-time reimbursement of home office set-up (up to 800 PLN)
• Corporate parties & events
• CSR initiatives
• Nursery and kindergarten discounts
• Financial support with trainings and education
• Social fund
• Flexible working hours
• Free parking

In case you would like to resign from participation in recruitment process or withdraw previously sent to us application, please email us at: [email protected]