Vulnerability Management Reporting Senior Analyst

HSBC Service Delivery

Kraków

Type of work

Full-time

Experience

Senior

Employment Type

Permanent

Operating mode

Hybrid

Tech stack

Vulnerability Management

advanced

Python

advanced

Powershell

advanced

Databricks

advanced

Security

advanced

Job description

Vulnerability Management Reporting Senior Analyst

Ref. 16635

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Your career opportunity

Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well-understood, and that controls used the manage such events are defined, assessed and implemented appropriately. Cybersecurity predominantly delivers this via objective, independent, professional and specialized subject matter experts. The role forms part of the 1LoD in relation to the risk management framework.

The role of Vulnerability Management Reporting Senior Analyst will be to ensure the delivery of automated Operational and Business-related reporting. They will be responsible for supporting the delivery of Control Owner activities and Governance. Additionally, they will need to closely collaborate with the Head of Vulnerability Management, Federated Control Owners, key stakeholders in the CCO Technology, 2 and 3LOD

What you’ll do

Detailed and accurate reporting of Vulnerability data to help drive and prioritise risk-based remediation across the bank.
Continual improvement in the depth and breadth of reporting capabilities against the Vulnerability Management control to support improvements in the bank’s security posture.
Triage and assessment of all new Vulnerability reporting requirements, ensuring requirements are clearly understood, link back to strategic deliverables and are planned appropriately.
Maintain and monitor all feeds into the Vulnerability reporting platform, reporting on impacts to vulnerability reporting and ensuring that relevant remediation activities to resolve feed issues are tracked and impacts reported to those utilising reports in a timely manner.
Contribute to responses to information requests from Regulators, Internal/ External Audit etc; and responses to 2LOD challenges/ Papers.
Providing commentary to routine governance submissions e.g. Cybersecurity Executive Committee Monthly Update, Risk Map, KCIs, KRIs.
Adhoc tasks as required, including support to CSAT operational activities.

What you need to have to succeed in this role

Strong knowledge and experience in defining and understand use of critical data elements for Vulnerability Management, utilising big data systems, scanning technologies (e.g. Nessus, SAST, MAST and DAST scanning) and scripting or programming languages (e.g Python, C+, or PowerShell, VBA scripting).
Excellent organisational, administrative, analytical, problem solving and data management skills with the ability to work accurately and methodically whilst under pressure to meet deadlines.
Strong interpersonal skills with the ability to build effective working relationships with colleagues and work well as part of a team.
Proven track record on delivering activities on time to a high standard.
Excellent understanding of Databricks, SharePoint, Microsoft Teams and Confluence.
At least 3 years of experience in working as a threat & vulnerability management expert and developing programs or in IT Security.

What we offer