GSC: Senior Control Manager; Cyber IDAM CCO

Some careers shine brighter than others.

If you’re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

The GCIO Chief Control Office (CCO) team plays an important role in enabling the bank to operate within its risk appetite by ensuring efficient and effective risk and control management. We do this by providing operational risk and control expertise, specialist technical knowledge and a deep understanding of the businesses and functions we serve.

Key activities include implementation and oversight of the Group’s Risk Management Framework, ongoing and targeted controls assessments, implementing and maintaining robust risk governance, and championing a proactive risk culture. GCIO CCO works closely with partners across all lines of defence and is responsible for maintaining positive relationships with our regulators and external partners.

• Act as a trusted advisor to senior management, overseeing the operational risk and control portfolio for Identity and Access Management (IDAM) services.
• Promote data-driven, accountable decision-making and challenge inefficient or excess controls.
• Provide specialist insights to improve the control environment across key IDAM areas such as Joiners, Movers, Leavers (JML), Access Recertification, Segregation of Duties, MFA, and Privileged Access Management.
• Design and implement practical, effective, and commercially viable risk controls.
• Identify trends and anticipate future developments in the cyber risk and control landscape.
• Influence the development and implementation of future‑fit risk management and regulatory frameworks.
• Deliver clear, evidence-based updates to senior management on operational risk and control changes.
• Collaborate globally across regions to maintain a strong and consistent cyber risk profile.

• At least 5 years of hands‑on experience in cyber risk control, particularly in IDAM domains such as JML, Access Recertification, SoD, MFA, and PAM.
• Strong expertise in operational, non‑financial, and information security risk management.
• Experience across IT, Cybersecurity, Risk Management, Operations, or Audit functions.
• Proven ability to influence and challenge stakeholders at all levels.
• Strong communication skills, with the ability to present complex issues clearly to non‑technical audiences.
• Demonstrated leadership experience, including remote team management.
• Relevant certifications (e.g., CISA, CISSP, CRISC, CCSP) are a plus.
• Ability to work independently, prioritise effectively, and adapt in a fast‑paced, regulated environment.

• Annual performance‑based bonus
• Additional bonuses for recognition awards
• Private medical care
• One‑time reimbursement of home office set‑up (up to 800 PLN).
• Nursery and kindergarten discounts
• Financial support with trainings and education
• Flexible working hours

If your CV meets our criteria, you should expect the following steps in the recruitment process:

• Online behavioural test (for external candidates only)
• Telephone screen (for external candidates only)
• Job Interviews with the hiring manager

We are looking to hire as soon as possible so don’t wait and apply now! You'll achieve more when you join HSBC.

We thank all interested candidates for their applications. We reserve the right to contact only selected candidates.

In case you would like to resign from participation in recruitment process or withdraw previously sent to us application, please email us at:

Join our Talent Community so that we can keep you updated and informed of the latest happenings at HSBC.