Controls Design Business Analyst – Global Cybersecurity Controls










  • Krakow
  • 21 000-25 200 zł net B2B

Become the 1st Line of Defense and play a significant role in the development of a new, data-driven control environment of protective measures!

Krakow-based opportunity with the possibility to work remotely!

As a Controls Design Business Analyst, you will support continuous maintenance and development of the Cybersecurity control environment. You will define and maintain operational control instances and their attributes, control measurements as well as control requirements for Group Cybersecurity.

Your key Responsibilities:

  • Engage with a variety of stakeholders (including but not limited to Control Owners and 2LoD) to ensure that Cybersecurity, IT Operations, Data and Architecture controls are designed according to the Bank’s requirements, industry standards and best practices (e.g. NIST 800-53)
  • Work with stakeholders and peers to ensure that Cybersecurity, IT Operations, Data and Architecture control measurements are defined in accordance with KCI Design Framework and industry best practices (e.g. CIS)
  • Work with Cybersecurity, IT Operations, Data and Architecture teams to ensure that the defined controls are compliant with Legal/Regulatory requirements and that control measurements provide sufficient insights for management reports

The ideal candidate has:

  • 2+ years of experience with risk and control framework
  • Expertise in Control Management. This includes but is not limited to controls design and their implementation
    • Experience with Cybersecurity, IT Operations, Data and Architecture risks and controls
    • Ability to translate difficult IT concepts into business-friendly language
    • Understanding of the Inherent/Residual risk concepts
  • Technical background
    • Knowledge of Information Technology: at least generalist level, with expertise in a specialist area welcome
    • Understanding of metrics and measures in managing risks and controls (KCIs, KRIs, KPIs)
    • Good writing skills and proficient use of written English
    • Experience with MS Office and MS Teams
  • Stakeholder management and communications skills
    • Experience of working in an international environment
    • Managing stakeholders including Cybersecurity, IT Operations, Data and Architecture Leadership and staff, 2LoD Resilience Risk teams

It is a strong plus if you have:

  • Familiarity with the industry best practices and frameworks in Information Technology
  • Experience with GRC Tools
  • Industry certification in Risk/Technology/Security

#GETREADY to meet with us!

We would like to meet you. If you are interested please apply and attach your CV in English or Polish, including a statement that you agree to our processing and storing of your personal data. You can always also apply by sending us an email at

Internal number #3435


Access to +100 projects
Access to Healthcare
Access to Multisport
Training platforms
Access to Pluralsight
Make your CV shine
B2B or Permanent Contract
Flexible & remote work
Flexible hours and remote work
