Senior Threat and Controls Assessment Analyst – Cybersecurity

Senior Threat and Controls Assessment Analyst – Cybersecurity Krakow Hybrid AWS Azure CISM CISSP CRISC GCP Python SQL English Expert, Senior Banking, Finance, Investment Banking Security Specialist Unleash the power of cybersecurity — shape a safer digital future for a global leader. Krakow-based opportunity with hybrid work model (up to 3 days remote per week). As a Senior Threat and Controls Assessment Analyst, you will be working for our client, a leading international banking institution. You will join their dynamic Cybersecurity team within Technology, focused on safeguarding digital assets and enabling secure innovation across global banking services. This role offers a unique opportunity to contribute to cutting-edge security initiatives and advance your career in a fast-paced, high-impact environment. Your main responsibilities: Perform comprehensive threat and control assessments of HSBC’s internal, external, and cloud services. Collaborate with Developers, Architects, and technical leads to understand service architecture and identify control gaps. Evaluate business requirements and provide detailed security recommendations for solutions and products. Conduct hands-on threat modeling and vulnerability assessments, highlighting weaknesses across applications, databases, networks, and infrastructure. Engage with Cybersecurity teams and senior stakeholders to address and mitigate potential security issues. Contribute to the development and improvement of processes, procedures, and assessment tools. Stay informed about emerging industry trends, best practices, and new security threats. You're ideal for this role if you have: At least 5 years of experience in the cybersecurity or IT security sector. Strong technical expertise in security concepts, vulnerability assessment, and threat modeling. Proven experience with assessing diverse enterprise IT assets, including applications, networks, and cloud environments. Hands-on knowledge of secure software development life cycle (SDLC) and security practices. Familiarity with cloud platforms such as AWS, GCP, or Azure. Industry-recognized cybersecurity certifications (e.g., CISSP, CRISC, CISM, or Cloud Security Certifications) is highly desirable. Excellent stakeholder management and communication skills, with the ability to translate technical risks into business language. A proactive, problem-solving mindset with the ability to work independently in a dynamic environment. It is a strong plus if you have: Experience working in international, multi-cultural teams. Knowledge of risk and control management frameworks. Familiarity with emerging security technologies and threats. Certifications or experience relevant to cloud security. Language Required for the role: Fluent English (both spoken and written). Eligibility for the role: Only candidates with an existing legal right to work in the European Union will be considered for this role. #MAKEYourCareerBETTER Interested? Apply now and include your CV (preferably in English) along with a statement confirming your consent to the processing and storage of your personal data.