Global Head of Cybersecurity Operations (Warsaw | Kraków)

Global Head of Cybersecurity Operations operating within the Global Cybersecurity function and under the management of the Global Head of Cybersecurity Operations & Intelligence, and part of the Global Cybersecurity Operations & Intelligence (GCO&I) team provides a coordinated suite of cyber-threat defence services and are responsible for the monitoring, detection and response to cybersecurity threats across the global HSBC technology estate.

The GCO&I team is split into five distinct sub-functions: Monitoring & Threat Detection (M&TD), Incident Management & Response (IM&R), Information Protection & Response (IPR), Cyber, Intelligence & Threat Analysis (CITA), Sustainable Cybersecurity Operations (SCO)

Critical to the success of GCO&I are close partnerships with the wider Cybersecurity teams, technical infrastructure support teams and the internal HSBC stakeholders across the global businesses and functions.

Responsibilities:

• Developing, implementing and maintaining a cross-functional strategy to support the Sustainable Cybersecurity Operations team and sub-functions in delivering on their mission to support the GCO&I cyber-threat intelligence led approach to the detection, response and containment of cyber-threats.
• Leading the direction and development of individual sub-function strategies to ensure alignment within Sustainable Cybersecurity Operations and with the wider GCO&I function.
• Developing and maintaining a flexible stakeholder engagement model that caters for both proactive and reactive collaboration and can rapidly adjust and reprioritise workloads in response to the changing threat-landscape.
• Building and maintaining strong processes and collaborative working practices with supporting teams in Sustainable Cybersecurity Operations and the wider Global Cybersecurity Operations & Intelligence teams.
• Building relationships and engagements with the many technology and platform owner stakeholders.
• Successfully maintaining these relationships and delivering prioritised outcomes in an environment where relationships can be complex and priorities are often divergent.
• Maintaining governance across all Cyber Ops Integration activities and ensuring the creation, collection and processing of key data points to feed into relevant service reporting e.g. service delivery metrics, KPIs, KCIs, and performance dashboards.
• Building, leading and maintaining a high-performing team of SMEs across the sub-functions.
• Empowering the SME sub-function teams to be able to deliver toward strategy goals through the implementation of a high-performance, transparent and fair management structure.

Requirements:

• Expert understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business, understanding of the organisational mission, values and goals and consistent application drive local strategy and direction.
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.
• A team-focused mentality with the proven ability to work effectively with diverse stakeholders with highest ethical standards and values.
• Excellent understanding and knowledge of common industry cybersecurity frameworks, standards and methodologies, including; OWASP, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards, and the MITRE ATT&CK Framework.
• Experience in a leadership position within a cyber-security operations team to include team and capability development, staff development, career management, and recruitment.
• Ability to speak, read and write in English, in addition to your local language.

Technical Skills:

• Excellent knowledge and demonstrated experience of common cybersecurity technologies such as; IDS / IPS / HIPS, AV, EDR, Firewalls, Proxies etc.
• Common network protocols such as TCP, UDP, DNS, DHCP, IPSEC, HTTP, etc. and network protocol analysis suits.
• Enterprise technology infrastructure, platforms and tooling, including; Windows, Linux, infrastructure management and networking hardware
• 3rd party cloud computing platforms such as AWS, Azure and Google their associated security tooling/platforms.
• Incident response tools, techniques and process for effective threat containment, mitigation and remediation.
• Log management suites, Security Information and Event Management (SIEM) tools such as Splunk Enterprise Security. Knowledge of cloud based “data lake” solutions used for the collection and real-time advanced analysis of security information.
• Ability to identify, develop and track key performance indicator (KPI) and key control indicator (KCI) metrics for accurate and contextual evaluation of operational effectiveness as well as providing recommendations for control improvement and mitigating control adjustments.
• Good knowledge of intelligence analysis principles either though formal education / training or equivalent professional experience.

Industry Experience:

• Extensive experience in a cybersecurity or technical related leadership position, preferably in the finance or similarly regulated sector.
• Industry recognised cybersecurity related certifications including: CEH, EnCE, SANS GSEC, GCIH, GCIA and/or CISSP
• Formal education and advanced degree in Information Security, Cyber-security, Computer Science, or similar and/or commensurate demonstrated work experience in the same.
• Certified in the use and management of core security platforms such as SIEM, SOAR, EDR, XDR, NDR, Firewalls, Proxies etc.
• Core technical platform / OS certifications e.g. Windows, Linux, MacOS.

What you’ll get with us:

• Competitive salary
• Annual performance-based bonus
• Additional bonuses for recognition awards
• Multisport card
• Private medical care
• Life insurance
• One-time reimbursement of home office set-up (up to 800 PLN)
• Corporate parties & events
• CSR initiatives
• Nursery and kindergarten discounts
• Financial support with trainings and education
• Social fund
• Flexible working hours
• Free parking

In case you would like to resign from participation in recruitment process or withdraw previously sent to us application, please email us at: [email protected]