Become 1st Line of Defense and play a significant role in the development of new, data-driven control environment of protective measures!
Krakow-based opportunity with the possibility to work remotely!
As a Controls Design Business Analyst, you will support continuous maintenance and development of the Cybersecurity control environment. You will define and maintain operational control instances and their attributes, control measurements as well as control requirements for Group Cybersecurity.
Your key Responsibilities:
- Engage with a variety of stakeholders (including but not limited to: Control Owners and 2LoD) to ensure that the Cybersecurity owned controls in the Risk and Controls Library are designed according to the Bank’s requirements and industry standards and best practices (e.g. NIST 800-53)
- Work with stakeholders and peers to ensure that Cybersecurity control measurements are defined in accordance with KCI Design Framework and industry best practices (e.g. CIS)
- Work with Cybersecurity teams to ensure that the defined controls are compliant with Legal/Regulatory requirements and that control measurements provide sufficient insights for management reports
- Maintain and regularly review Cybersecurity control requirements and supportive documents
- Align Cybersecurity control requirements to industry best practices and regulatory expectations.
The ideal candidate has:
- 2+ years of experience with risk and control frameworks
- Expertise in Control Management (controls design, implementation, further assessments or testing)
- Solid understanding of the Inherent/Residual risk concepts
- Ability to translate difficult IT concepts into business-friendly language
- Experience with Technology risks and controls
- Technical background
- Knowledge of Cybersecurity – at least a generalist with specialist area expertise
- Understanding of metrics and measures in managing risks and controls (KCIs, KRIs, KPIs)
- Stakeholder management and communications skills
- Managing stakeholders including Cybersecurity Leadership and staff, Chief Controls Office and 2LoD Resilience Risk teams
- Experience within fast-moving, complex and demanding corporate environments where Cybersecurity controls issues have to be handled on a large scale and with a need to multi-task whilst dealing with ambiguity and change
It is a strong plus if you have:
- Familiarity with the NIST 800-53
- Familiarity with Centre for Internet Security (CIS) Measures and Metrics
- Experience with GRC Tools
- Industry certification in Risk/Technology/Security
#GETREADY to meet with us!
We would like to meet you. If you are interested please apply and attach your CV in English or Polish, including a statement that you agree to our processing and storing of your personal data. You can always also apply by sending us an email at email@example.com.
Internal number #3214