Cyber Head of Vendor Management Job at HSBC

Head of cyber threat exposure and attack surface management

Lead the enterprise-wide Continuous Threat Exposure Management (CTEM) strategy, ...

Location

United Kingdom , Knutsford

Salary:

Not provided

Barclays

Expiration Date

Until further notice

Requirements

Experience in cybersecurity with direct exposure to vulnerability management, red teaming, or threat exposure reduction
Proven track record leading programs integrating CSPM, SSPM, ASM, BAS, or exposure correlation technologies
Strong understanding of attack paths, adversary emulation, and continuous validation concepts

Job Responsibility

Own and drive the global CTEM strategy, establishing a continuous, threat-driven exposure management lifecycle aligned with NIST, MITRE, and CISA Secure-by-Design principles
Lead and develop a high-performing CTEM team, fostering collaboration, technical excellence, and an outcome-driven culture
Integrate and oversee key exposure management technologies, including Cloud Security Posture Management (CSPM), SaaS Security Posture Management (SSPM), Attack Surface Management (ASM), Breach & Attack Simulation (BAS), and other exposure correlation platforms
Correlate assets, identity, vulnerability, and configuration to identify high-impact, exploitable attack paths and inform prioritized remediation strategies
Collaborate with Application Security, Vulnerability Management, Red Team, and Security Operations to synchronize discovery, validation, and remediation of exposures across the enterprise
Align CTEM outputs with real-world adversary behaviors, leveraging Red Team and Threat Intelligence input to validate attack paths and focus on exploitable conditions
Drive automation and AI-enabled analytics to continuously map, assess, and measure reductions in the organization’s attack surface
Translate technical findings into business risk language, enabling senior leadership and risk committees to make data-driven investment decisions
Define and lead CTEM governance and operating models, ensuring exposure assessments, validation, and remediation tracking are embedded in operational processes
Establish clear KRIs and maturity metrics that demonstrate continuous improvement in visibility, validation, and response effectiveness

What we offer

Competitive holiday allowance
Life assurance
Private medical care
Pension contribution

Fulltime

Vulnerability Management Response Lead

The Vulnerability Response Lead is a key role within the Vulnerability Managemen...

Location

Poland

Salary:

Not provided

HSBC

Expiration Date

January 30, 2026

Requirements

Minimum of 3-5 years’ experience in working in IT Security or similar role
Experience of working in roles within Cyber Security Operations, Risk Management, and Governance, within a mid to large enterprise or equivalent organisation
Ability to understanding, apply, and improve elements of the Vulnerability Management Lifecycle and use multiple toolsets to convey information, obtain data, and make it meaningful to future plans
Lateral thinking and creative form to deploy expertise in the uplift of people skills, process identifications, and technological adjustments
Ability to recognise threats and risk, and act with insight to deliver a core part of the Cyber Security Operational model in HSBC
Ability to produce clear and concise reports for targeted audiences across internal and external stakeholders
Understanding and experience in the practical application and execution of Vulnerability scanning technologies and their application (e.g. Nessus, SAST/MAST/DAST (Checkmarx, Netsparker, Fortify, IBM AppScan, etc.), Tenable.io, Security Center (or similar Vulnerability Scanning products), risk consolidation platforms)
Vulnerability assessments, scoring and ratings and how they are applied
Patch Management
Business and architectural design, including controls analysis, process flows and data flows

Job Responsibility

Support the remediation efforts of newly discovered vulnerabilities, where the risk score is deemed critical and an immediate risk to HSBC
Monitor external threat feeds and Cyber Intelligence Threat Analysis to identify any newly reported external risks
Manage the documentation of FRTF and ITAG initiatives and providing / identifying expert advice & guidance on remediation approaches
Track and report of ITAG and FRTF initiatives, as well as producing closure reports for completed ITAG’s and FRTF’s
Follow operational processes and ensure that they provide the most streamlined and efficient method of operations, whilst identifying opportunities for improvement
Support thematic reviews to drive and systematic uplifts and enhancements to services that help protect the bank
Maintain operational documentation on what reports are available and how / where to access them
Conduct holistic reviews of the overall baseline security posture
Contribute to and inform requests from Regulators, Internal/ External Audit, and 2LOD challenges/ Papers
Support the commentary for routine governance submissions e.g. Cybersecurity Executive Committee Monthly Update, Risk Map, KCIs, KRIs

What we offer

Competitive salary
Annual performance-based bonus
Additional bonuses for recognition awards
Multisport card
Private medical care
Life insurance
One-time reimbursement of home office set-up (up to 800 PLN)
Corporate parties & events
CSR initiatives
Nursery discounts

Fulltime

Regional Business Manager

The Cybersecurity Regional Business Manager - Poland is a key role within local ...

Location

Poland

Salary:

24000.00 - 34000.00 PLN / Month

HSBC

Expiration Date

February 16, 2026

Requirements

Knowledge of cybersecurity principles, global financial services business models, regional compliance regulations and laws
Good understanding and knowledge of common industry cyber security frameworks, standards, and methodologies, i.e.: ISO2700x series, EU data security and privacy acts, NIST standards
Strong experience managing and leading diverse, highly skilled teams
Experience with mentoring, coaching, performance management and talent management best practices
Experience within fast-moving, complex and demanding corporate environments with a need to multi-task whilst dealing with ambiguity and change
Experience in building and recruiting highly specialized teams
Experience in managing departmental budgets and dealing with expenses, 3rd parties, vendors, consultancy firms and contractors
Ability to translate difficult concepts into simple messages for different types of audiences
Experience in chairing and managing governance forums
Experience in providing materials to senior executives, boards and regulators

Job Responsibility

Act as the Entity Manager for majority of Cybersecurity functions located in Poland
Embed strategic initiatives and leading ad hoc Cybersecurity local programmes
Coordinate local entity managerial activities, as well as connecting with global cybersecurity function heads to ensure alignment and adequate level of tasks, progress and development
Manage the regional recruitment process for all Cybersecurity teams, including negotiations with Vendors and Agencies
Manage the onboarding and off-boarding of regional resources, including managing exit interviews for local Cybersecurity colleagues
Manage the regional budget
Office management for the department
Own the regional business continuity plan
Build Cybersecurity interaction and relationships with local universities
Ensure regional compliance on Conduct Risk and Mandatory Training

What we offer

Competitive salary
Annual performance-based bonus
Additional bonuses for recognition awards
Multisport card
Private medical care
Life insurance
One-time reimbursement of home office set-up (up to 800 PLN)
Corporate parties & events
CSR initiatives
Nursery and kindergarten discounts

Fulltime

Head of Security

As our Head of Security, you’ll play a critical role in protecting the trust our...

Location

Australia , Sydney

Salary:

Not provided

Prezzee

Expiration Date

Until further notice

Requirements

A degree in Computer Science, Software Engineering, or a related discipline
5+ years’ experience in a senior cyber security role, ideally within a systems development or technology-led environment
Strong understanding of AWS technologies and modern cloud architecture models
Proven experience delivering strategic security programs, including policy development, risk management, BCP/DR testing, third-party risk, and end-user device security
Hands-on experience triaging, investigating, and resolving security and operational incidents within SLAs
Deep knowledge of modern cyber security principles, threat landscapes, threat intelligence, and remediation techniques
Experience coordinating outcomes across internal teams, external vendors, auditors, and security partners
A collaborative, business-minded approach with the confidence to influence at leadership level

Job Responsibility

Lead Our Security Strategy: Own and deliver a clear, ongoing security roadmap aligned to Prezzee’s risk appetite, business priorities, and growth plans
Continuously uplift our administrative, technical, and procedural security posture across the business
Stay ahead of emerging threats and evolving standards, ensuring Prezzee remains proactive rather than reactive
Build a Security-First Culture: Act as the Security Champion across all teams and locations, embedding security awareness into how we work every day
Partner closely with engineering, product, IT, and the wider business to ensure security is at the forefront of design
Manage and mentor a small, high-performing security team, driving engagement and alignment with Prezzee’s purpose
Governance, Risk & Compliance: Maintain and expand compliance with frameworks and certifications including PCI, ISO:27001, Cyber Essentials+, ISO:42001 and others as required
Chair and manage the ISMS Committee, ensuring stakeholders have clear visibility of risks, controls, and progress
Lead third-party and vendor security due diligence across tools, partners, and workplace technology
Operational Security & Incident Management: Oversee vulnerability management, penetration testing outcomes, and remediation within agreed SLAs

What we offer

Prezzeeversary Leave – Extra day of annual leave for each year you’re with us
BirthYay Leave – Celebrate you with a paid day off during your birthday month
Novated Car Leasing – A tax-smart way to bundle and pay for your car and running costs
ClassPass Membership – Fully covered monthly credits for fitness, wellness, and beauty
Office Allowance – One-time payment to upgrade your office setup
Flexible Work Perks – Flex your hours, take Culture Swap Days, and work from anywhere for 30 days a year
Prezzee Staff Discounts – Exclusive deals on Prezzee gift cards – just for being part of the team
Wellbeing Support – Access to mental, social, financial, and physical wellbeing support via Telus
Learning & Development – Grow your career with LinkedIn Learning, job shadowing, industry programs, and our Lunch & Learn sessions
Employee Resource Groups – Be an advocate or ally and foster belonging through groups like EmpowHer and Pride

Fulltime

Head of IT

Harbour Healthcare is recruiting for a Head of IT to lead and develop our IT Ser...

Location

United Kingdom , Stockport

Salary:

65000.00 - 75000.00 GBP / Year

360 Resourcing Solutions

Expiration Date

Until further notice

Requirements

Significant experience leading IT operations in a multi-site or regulated environment
Strong background in infrastructure, cybersecurity, and operational risk management
Experience owning both hands-on delivery and strategic accountability
Comfortable operating with executive visibility and accountability
Enhanced DBS check in relation to Children and Adults
Driving License required

Job Responsibility

Conduct a comprehensive review of the organisation’s existing IT infrastructure, security controls, and operational practices
Assess current arrangements covering: Networks, connectivity, and remote access
Identity and access management
Devices and mobile technology
Backup, disaster recovery, and business continuity
Third-party suppliers and outsourced IT services
Identify key risks, gaps, and dependencies, with clear prioritisation based on business and regulatory risk
Produce a costed, phased improvement plan, aligned to organisational growth and operational priorities
Provide regular, clear updates to the Executive Team on findings, risks, and progress
Lead day-to-day IT operations across care homes and central teams

What we offer

£5000 Car Allowance
Paid Mileage

Fulltime

Head of Proxies and Remote Access

Global Defense Engineering is responsible for fielding solutions that help defen...

Location

Poland

Salary:

Not provided

HSBC

Expiration Date

March 05, 2026

Requirements

Leadership and managing skills
Strong stakeholder management skills
Demonstrated leadership experience with large, complex programmes
Seasoned technology leader with rich experience of leading engineering teams
Ability to influence beyond his/her department
Experience leading high performing teams of cybersecurity subject matter experts
Communication and collaboration skills
An ability to communicate complex and technical issues to diverse audiences
Proven ability to collaborate across industry, academia, and government
Experience working in a highly regulated, large multi-national environment

Job Responsibility

Define and deliver vision, strategy & roadmap of the Capability
Prioritise teams' backlogs based on objectives & value released to identify what teams work on next
Lead definition of scope and prioritisation of user stories to be developed in teams, including acceptance criteria/definition of done
Lead vendor relationships with owned technologies
Interact with stakeholders across the organisation to understand their security needs and expectations
Evaluate and adopt new technologies and practices which may impact the control environment
Monitor and communicate progress of capability performance through agreed KPIs and metrics
Run a Pod per L2 capability with Architecture, Engineering, Service Delivery, Control Owner, Program Manager and Product Management

What we offer

Competitive salary
Annual performance-based bonus
Additional bonuses for recognition awards
Multisport card
Private medical care
Life insurance
One-time reimbursement of home office set-up (up to 800 PLN)
Corporate parties & events
CSR initiatives
Financial support with trainings and education

Fulltime

Head of Security

Prezzee is a global leader in digital gifting and payments. As our Head of Secur...

Location

Australia , Melbourne

Salary:

Not provided

Prezzee

Expiration Date

Until further notice

Requirements

A degree in Computer Science, Software Engineering, or a related discipline
5+ years’ experience in a senior cyber security role, ideally within a systems development or technology-led environment
Strong understanding of AWS technologies and modern cloud architecture models
Proven experience delivering strategic security programs, including policy development, risk management, BCP/DR testing, third-party risk, and end-user device security
Hands-on experience triaging, investigating, and resolving security and operational incidents within SLAs
Deep knowledge of modern cyber security principles, threat landscapes, threat intelligence, and remediation techniques
Experience coordinating outcomes across internal teams, external vendors, auditors, and security partners
A collaborative, business-minded approach with the confidence to influence at leadership level

Job Responsibility

Lead Our Security Strategy: Own and deliver a clear, ongoing security roadmap aligned to Prezzee’s risk appetite, business priorities, and growth plans
Continuously uplift our administrative, technical, and procedural security posture across the business
Stay ahead of emerging threats and evolving standards, ensuring Prezzee remains proactive rather than reactive
Build a Security-First Culture: Act as the Security Champion across all teams and locations, embedding security awareness into how we work every day
Partner closely with engineering, product, IT, and the wider business to ensure security is at the forefront of design
Manage and mentor a small, high-performing security team, driving engagement and alignment with Prezzee’s purpose
Governance, Risk & Compliance: Maintain and expand compliance with frameworks and certifications including PCI, ISO:27001, Cyber Essentials+, ISO:42001 and others as required
Chair and manage the ISMS Committee, ensuring stakeholders have clear visibility of risks, controls, and progress
Lead third-party and vendor security due diligence across tools, partners, and workplace technology
Operational Security & Incident Management: Oversee vulnerability management, penetration testing outcomes, and remediation within agreed SLAs

What we offer

Prezzeeversary Leave – Extra day of annual leave for each year you’re with us
BirthYay Leave – Celebrate you with a paid day off during your birthday month
Novated Car Leasing – A tax-smart way to bundle and pay for your car and running costs
ClassPass Membership – Fully covered monthly credits for fitness, wellness, and beauty
Office Allowance – One-time payment to upgrade your office setup
Flexible Work Perks – Flex your hours, take Culture Swap Days, and work from anywhere for 30 days a year
Prezzee Staff Discounts – Exclusive deals on Prezzee gift cards – just for being part of the team
Wellbeing Support – Access to mental, social, financial, and physical wellbeing support via Telus
Learning & Development – Grow your career with LinkedIn Learning, job shadowing, industry programs, and our Lunch & Learn sessions
Employee Resource Groups – Be an advocate or ally and foster belonging through groups like EmpowHer and Pride

Fulltime

Commissioning Lead (Telecoms)

The Hook-Up and Commissioning Telecoms Lead shall provide oversight and directio...

Location

Qatar , Doha

Salary:

Not provided

Airswift Sweden

Expiration Date

Until further notice

Requirements

Bachelor’s degree in applied sciences or engineering
12 years’ experience with large-project commissioning in the Oil & Gas Industry
3 years of experience in a supervisory role
Knowledge and experience in discipline Hook-Up and Commissioning delivery processes and associated project phases
In depth knowledge of Telecoms design
Advanced knowledge in fibre optic and copper cable testing, results analysis and fault-finding activities
Advanced knowledge of networking fundamentals, cyber security, TCP/IP, LAN/WAN
Advanced knowledge of Radio systems (VHF/FM/AM), Access Control, Telephony, PAGA and CCTV hook-up and commissioning
Experience in troubleshooting general telecoms systems
Knowledge of offshore facilities and structures, onshore facilities, or yard operations

Job Responsibility

Provide oversight and direction to the project’s main contractor, sub-contractors and vendors, during the offshore hook-up and commissioning stages
Collaborate and interface with the HUC team, facilities team, EPC contractor and operations personnel
Provide technical guidance and expertise on Telecoms Equipment principles, codes, standards and coverage for EPC workshops, inspections and site testing
Support the change management process for HUC execution strategies
Supervise the review and approval of contractor procedures, ensuring accurate documentation of redlines throughout construction, hookup, pre-commissioning, and commissioning phases
Validate the optimization of project delivery, ensuring readiness for asset handover to the OESS team
Reports to Hook-Up and Commissioning Head
Support EPC PMT by reviewing critical documents and reports generated by the main subcontractor
Attend workshops/review meetings when requested
Analyse technical proposals and proposed deviations, assess exceptions and new technologies to ensure compliance with QELNG policies and procedures

Fulltime

Cyber Head of Vendor Management

HSBC

Location:
Poland

Category:
IT - Administration

Contract Type:
Not provided

Salary:

Job Description:

Job Responsibility:

Requirements:

Additional Information:

Job Posted:
November 20, 2025

Expiration:
February 19, 2026

Looking for more opportunities? Search for other job offers that match your skills and interests.

Similar Jobs for Cyber Head of Vendor Management