About the position
We’re building a team to bring structure and clarity to how cybersecurity work is planned and delivered — and we’re looking for someone who enjoys process thinking, cross-team collaboration and translating high-level requirements into clear, measurable controls.
You'll be joining…
- A Cybersecurity GRC team focused on building a consistent, practical and measurable policy & standard framework.
- An environment with a defined security roadmap through 2026, covering resilience, application security, standards and documentation, and alignment with NIS2.
- A person who can design a measurable, interpretable and implementable cybersecurity program.
- Someone who can work across teams, speak both with analysts and business stakeholders, and translate those discussions into concrete, enforceable and measurable policy requirements.
- A mature specialist with strong understanding of security governance rather than technical configuration or tooling.
- Someone who may later take on management responsibility for another team member.
- At least 4 years of experience in a similar role, ideally within an internal security or GRC function — with hands-on implementation of security policies and standards in a large/global environment.
- Ability to translate high-level requirements from frameworks (NIST CSF, NIST 800-53, ISO 27001, CIS Controls) and domain SMEs into actionable and measurable control objectives.
- Practical experience with governance processes related to policies and standards (reviews, approvals, communication, lifecycle management).
- Understanding of cybersecurity regulations, including NIS2, and the ability to reflect regulatory requirements in policies and standards.
- Broad, cross-domain cybersecurity knowledge at a non-technical, governance-oriented level.
- Excellent communication skills in English and strong stakeholder-management skills.
Nice to have:
- Certifications such as CISSP, CISM, CRISC.
- Experience building and maintaining a structured pipeline for security documentation (creation, updates, retirements).
- Understanding of risk-based decision making when developing requirements (e.g. cost/gain ratio, adoption friction).
- Interest in regulatory changes and updates to established cybersecurity frameworks.
Create and maintain policies and standards, run governance processes across the full document lifecycle, coordinate work with domain SMEs, develop and execute a clear plan leading to final publication of documents, and define measurable controls and reporting mechanisms supporting the overall cybersecurity framework.
Requirements: NIST CSF, NIST 800-53, ISO 27001, CIS Controls, SMEs domain, Governance processes, NIS2, Cybersecurity, Communication skills, Stakeholder management, CISSP, CISM, CRISC