Head of Cybersecurity Risk & Controls

cybersecurity, global leader, risk and controls management, NIST

Your new role

The Cybersecurity function is responsible for enabling businesses and functions to manage their Information and Cybersecurity risks as well as ensuring risks and controls are assessed and implemented appropriately, objectively and independently through professional and specialized subject matter experts, whilst ensuring regulatory compliance.

• The Global Head of Cybersecurity Risk & Controls will play a key role in coordinating the activities required to implement the Cybersecurity Risk and Controls Strategy globally, in partnership with Control Owners and SMEs. This role will report into the Global Head of Business Engagement, whilst closely partnering with Regional and Business Information Security Officers. The key part of the role will be leading on the design, oversight and reporting of Cybersecurity controls.
• The ideal candidate will possess strong leadership and communication skills, wide knowledge of the risk and controls space and of all cybersecurity domains, and strong experience in managing international teams and stakeholders. The role holder will be required to manage a global team and stakeholders including the Control Owners; regional and business CIOs and COOs; Cybersecurity Leadership and staff; and the Chief Controls Office (CCO) Technology, 2LoD Resilience Risk and 3LoD Internal Audit teams.
• Building out, leading and managing a new Global merged team combining Cybersecurity Risk & Controls capabilities.
• Working with the Control Owners, wider CBE team, 2LoD, 3LoD and CCO Technology to ensure that the Cybersecurity-owned controls in the Risk and Controls Library, and the federated controls owned by the business, are designed according to the Bank’s requirements and industry standards and best practices (e.g. NIST FSS) and embedded across the business and regions.
• Lead on reporting capabilities to enable oversight of control effectiveness through Key Control Indicators, as well as to ensure these are tailored and consumed by the business and regions.
• Conduct periodic maturity assessments of Cybersecurity controls against industry best-practice frameworks (e.g. NIST) in partnership with independent/external suppliers.
• Drive continuous improvement and embedding of the Cybersecurity Risk Quantification (CRQ) model to enable data-driven risk assessment and oversight.

What you'll need to succeed

• Experience with Technology risks and controls. Knowledge of Cybersecurity is a must.
• Significant subject matter expertise in risk and control management. This includes but is not limited to controls design and implementation and control assessment, as well as MI and executive reporting.
• Wide general cybersecurity knowledge; understanding of Cybersecurity concepts such as threats, vulnerabilities, attack vectors, inherent/residual risk.
• Understanding metrics and measures in managing risks and controls (KPIs, KCIs, KRIs) is a must.
• Familiarity with the NIST Cybersecurity Framework (CSF) would be beneficial.
• Knowledge of Center for Internet Security (CIS) Measures and Metrics is a plus.
• Experience with GRC Tools (such as HELIOS, ServiceNow, Archer) is a plus.
• Experience in dealing with Senior Management, internal and external audit.
• Strong understanding of the regulatory landscape and of the key processes that ensure a robust response to regulatory assessments/exams, as well as to customer and third-party requests on Cybersecurity maturity posture.


What you'll get in return

• Competitive salary
• Annual performance-based bonus
• Additional bonuses for recognition awards
• Multisport Card
• Private medical care
• Life insurance
• One-time reimbursement of home office set-up (up to 800 PLN)
• Corporate parties and events
• CSR initiatives
• Nursery and kindergarten discounts
• Financial support with training and education
• Social Fund
• Flexible working hours
• Free parking


If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.



Hays Poland sp. z o.o. is an employment agency registered in a registry kept by Marshal of the Mazowieckie Voivodeship under the number 361.



Summary

• Job Type: Permanent
• Industry: Banking & Financial Services
• Location: Kraków
• Specialism: Cyber Security
• Ref: 1185609

Talk to a consultant

Talk to Pamela Karkosz, the specialist consultant managing this position, located in Katowice
Hays, al. Roździeńskiego 1A

Telephone: +48 601 084 029
