IT Risk Analyst (CMB IT)

  • HSBC Service Delivery (Polska)
  • Krakow
  • Employment contract
  • 05.11.2019


Experience level: Mid

  • Having a working knowledge of the FIMs
  • Knowledgeable about the projects/activities in IT and familiar with the technologies / methodologies involved,
  • Exposure to structured risk management will be an advantage - however, training/workshops will be conducted to provide this.

Project you can join


Join a global team covering all Commercial Banking Customers of HSBC across the globe and implementing solutions by using rapidly evolving technological landscape. Be a part of a growing team which operates in Agile and DevOps and has loads of opportunities to upskill yourself in various modern technologies.

Key Accountabilities:

Culture & Awareness:

• Acts as IT risk SPOC/SME for their service line,

• Drive Management Awareness and Engagement within their respective domains and provide on-going support, advice, and relationship management on all IT risk matters,

• Communicates across the layers in the IT service line to promote understanding of risk and controls, issues and lessons learned,


• Supports IT risk function in the creation of dispensations / risk acceptances where policy is breached and reviews and challenges the data to ensure that appropriate risk assessments, remediation plans and compensating controls have been included ,

• Acts as function expert for IT Risk and supports the execution of IT Risk reviews, RCA workshops with Risk and control owners and agree actions for improvement where relevant. Contribute to special projects such as CPA, PDiNPE, Road to Green, Records Management, 3LOD, etc. which are sponsored by Global IT Risk,

• Where relevant supports IT Risk with IT service line specific knowledge or local (i.e. regulatory) expertise.

Governance & Reporting:

• Supports the IT Risk function on regular IT RMM reporting and keeps track of functions specific issues & actions,

• Attends and/or supports their Function Business Control Committees (BCC's), Risk Management Meetings/Committees to provide updates on their control environment,

• Drives closure of issues (including audit raised) within the function in collaboration with accountable owners,

• Supports execution of audits when required,

• Proactively identifies and raises MSII's in collaboration with IT Risk ensuring that these are appropriately documented, tracked and approved by required parties,

• Works closely with IT Risk on keeping risk registers (ORION, AID, COMET etc.) up to date and assures correctness of data,

• Reviews IT risk reports, lessons learned and ad-hoc communication for relevance for the service line and initiates appropriate actions.


• Provides input and supports IT Risk to define appropriate scope of ICMP and SOX testing required,

• Supports IT Risk in execution of ICMP and SOX testing when required,

• Act's as key point of contact for function specific testing.


  • Laptop
  • Additional monitor
  • Headphones
  • Personal container
  • Phone
  • Freedom to pick your tools

Work environment

  • Open space
  • Remote possible: 30%
  • Paid vacation: 26


  • Healthcare package
  • Healthcare package for families
  • Financial bonus
  • Hot beverages
  • Fruits
  • Language courses
  • Visa Services
  • Conferences
  • Trainings
  • Books
  • Car parking
  • Bicycle parking
  • Shower
  • Chill room
  • Integration events

Contact this employer

HSBC Service Delivery (Polska) is a Data Controller ...