Senior Data Security Policy Engineer – Cybersecurity & Data Protection

The role is for a leading global financial institution focused on safeguarding critical data and maintaining industry-leading security standards, based in Krakow with a hybrid work model.

• Minimum 5 years of experience in Data Security Engineering within a regulated or financial environment.
• Hands-on experience with DLP products such as Symantec DLP, Zscaler, Trellix, or Proofpoint DLP.
• Strong knowledge of Data in Motion and Data at Rest security concepts.
• Proven ability to create, analyze, and update data security policies.
• Experience with Agile methodologies, project planning, and management.
• Excellent communication skills and a strong team-oriented mindset.
• Ability to translate complex security requirements into actionable plans.
• Awareness of the threat landscape affecting financial services.

Nice to have:

• Industry certifications (CISSP, CISA, CISM).
• Experience with threat detection and security monitoring tools.
• Knowledge of SQL, scripting, or automation in security processes.

• Support the establishment of HSBC as a contributor to industry information sharing in cybersecurity.
• Manage policy engineering to ensure data security controls are fulfilled and improved.
• Collaborate with business lines to understand requirements and address data protection gaps.
• Design, develop, and refine security policies aligned with enterprise risk appetite.
• Organize onboarding of business units into new data protection policies and controls.
• Assist with innovations and development initiatives in data security engineering.
• Oversee migration of new tooling into business-as-usual operations.
• Drive service improvements and enhance customer usability of data security offerings.
• Provide MI and KPI reports for senior management on data security tooling effectiveness.
• Lead training, development, and mentorship of junior cybersecurity analysts.
• Configure and operate DLP and other policy enforcement tools, including data scanning solutions.
• Offer production support for data security policies and tooling.
• Use Confluence and Jira for project management and operational support.
• Engage with stakeholders, manage communication, and handle audit requirements.

Only candidates with an existing legal right to work in the European Union will be considered for this role.