Information Security Manager

Workplace: Poznań

Technologies we use

Expected: Microsoft Azure, Google Cloud Platform, AWS

Operating system: Windows, macOS, Linux

About the project

As an Information Security Consultant, you’ll join a team providing end-to-end security leadership and compliance support for clients - helping them build security programs that are both audit-ready and operationally effective. You’ll translate frameworks and regulatory expectations into clear priorities and implementable controls, working closely with engineering and leadership to drive measurable risk reduction. This is a hands-on, client-facing role: you’ll assess environments, shape roadmaps, produce documentation that stands up to scrutiny, and enable teams through practical training and awareness initiatives.

Your responsibilities

- Own technical and organizational security workstreams, including IT environment audits (e.g., cloud, SDLC), risk assessments, and implementation of security controls and pragmatic recommendations.
- Maintain and develop compliance programs aligned with standards and regulations such as ISO/IEC 27001, TISAX, ISO/IEC 42001, PCI DSS, NIS2, DORA, PSD2/PSD3, and others, covering audit readiness, certification preparation, and stakeholder coordination.
- Create and maintain security documentation, including policies, procedures, technical standards, business continuity plans, diagrams, checklists, and client-ready presentations.
- Deliver security maturity and awareness initiatives, such as phishing simulations, trainings, tests, workshops, and other educational activities.
- Drive cross-functional delivery with measurable outcomes: align security requirements with business goals, define actionable remediation plans, track progress, and report security status in a way that supports decision-making.
- Support security operating model improvements, including third-party risk inputs, onboarding/security governance for new products and changes, and coordination of evidence collection for audits (especially in fast-moving SDLC environments).

Our requirements

- Minimum 5 years of experience in information security, IT audits, or compliance, ideally including hands-on work with ISO 27001, PCI DSS, TISAX, NIS2, or related frameworks.
- Solid understanding of technical security foundations, including cloud environments (e.g., AWS, Google Workspace), SDLC processes, and risk management.
- Proven track record of producing security documentation, such as policies, procedures, BCP/DRP, and technical standards, written clearly for both technical and business audiences.
- Ability to lead security and compliance projects end-to-end, collaborate effectively with business and technical stakeholders, and communicate recommendations in a pragmatic, implementable way.
- Very good command of Polish and English (spoken and written), required for documentation, presentations, and client communication.
- Strong consulting mindset: comfortable facilitating workshops, handling ambiguity, prioritising under constraints, and managing multiple stakeholders and timelines in parallel.
- Ability to build clear action plans, maintain audit evidence trails, and keep initiatives moving (e.g., via Jira/Confluence-style ways of working), without losing sight of the “why”.

About Us

Patronusec Sp. z o.o. is a cybersecurity and compliance consultancy that turns complex security requirements into practical, auditable outcomes - without slowing the business down. As Poland’s largest consultancy delivering PCI compliance audits, we’re an accredited PCI QSA provider, supporting multiple PCI certification paths and helping organisations strengthen payment security through rigorous, repeatable assessments and high-impact advisory work.

Our distributed team operates across multiple regions, enabling us to support clients internationally. We combine deep technical understanding with a highly practical delivery style: from cloud and SDLC assurance, through risk management and security documentation, to security programmes that can operate day-to-day - not just during the audit week. Our team has delivered services to clients in 60 countries, completing 1,000 certification audits and consulting engagements, including work with large international organisations. We are also positioned to support regulated environments and resilience-driven requirements (including specialist testing expectations referenced by regulations such as DORA).