DS Smith

I&T GRC Information Security Specialist

DS Smith  •  Republic of Poland (Onsite)  •  14 days ago

Job Description

Location – Krakow

Why is this job for you:

The I&T GRC function supports the CISO and IT leadership across a range of information security, cybersecurity and technology risk controls, in support of IT, business, regulatory and customer requirements.


Reporting to the Head of I&T GRC or direct report thereof, the role provides internal security controls consultancy and assessment, supports business and IT stakeholder third party risk management arrangements and operates agreed I&T GRC processes or controls.

You will:

  • Create information and cybersecurity documentation (standards, processes, or guidance) in support of certification and compliance goals in the context of external certification and regulatory compliance requirements (e.g., ISO27001 and EU NIS2 implementation)

  • Own or support assigned agreed information security controls operated by I&T GRC e.g., risk process management, aspects of training and awareness in collaboration with wider team, support for desktop simulations

  • Respond to customer security assurance requirements. Supplier security schedule / assurance

You have:

  • Experience of working in large, multi-national and cross-functional teams supporting IT and business stakeholders

  • Good working knowledge of recognised information and cybersecurity standards such as the NIST CSF, ISO27001, Information Security Forum SOGP

  • Experience of information security controls design and documentation, assessment and/or assurance

  • Experience of information security customer questionnaires, supplier assurance and third-party risk management

  • Hands on experience of GRC platforms and/or use of Microsoft tooling e.g., Power BI building on SharePoint capabilities

  • Knowledge of or practical experience of the range of information security and cyber security domains e.g.:

      • Security policy frameworks (e.g., policy, standards, guidelines, procedures)

      • IT and cyber security risk management process management and tools

      • IT resilience and recovery

  • Experience of configuring or administering GRC platforms and/or use of Microsoft tooling e.g., Power BI building on SharePoint capabilities, or security tools such as training and awareness or simulated phishing tools

  • Professional or academic qualification in relevant subject e.g., Computer Science, Information Security, Legal or Data Protection topics

  • Has achieved or has ambition to achieve relevant certification e.g., Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or related

  • Ability to travel up to 20%

  • Fluency in English

About DS Smith

DS Smith provides innovative packaging solutions, paper products and recycling services with a commitment to sustainability and a circular economy.

Our core purpose is to Redefine Packaging for a Changing World, and our expert teams work closely with like-minded partners to incorporate renewable resources for products that minimize our environmental impact, reduce complexity and increase profitability through supply chain optimization.

Industry: Manufacturing & Production
Company Size: 10,000+ employees
Headquarters: LONDON, GB