Risk Management & Governance: Drive comprehensive Information Systems Security (ISS) risk assessments. Execute multi-level ISS controls (1st and 2nd lines of defense) to ensure robust, layered protection of organizational assets. Supervise regular penetration testing and Disaster Recovery (DR) exercises.
Operational Resilience (DORA): Evaluate and ensure organizational alignment with the Digital Operational Resilience Act (DORA). Manage local procedures according to Group policies and maintain proactive communication with the Group CISO.
Incident Response & Crisis Management: Coordinate response to significant ICT incidents. Activate and lead ad-hoc crisis management units within the Business Continuity Plan (BCP) framework. Conduct root-cause analysis and integrate "lessons learned" into the entity's security strategy.
Asset & Data Protection: Implement technical safeguards to ensure the Confidentiality, Integrity, and Availability (CIA) of electronic assets, aligned with Data Owner classifications and Group security standards.
Cloud & Modern Infrastructure: Serve as the local Cloud Security Subject Matter Expert (SME). Ensure cloud adoption follows the Group’s reference architecture and security frameworks.
Third-Party Risk Management: Validate that ICT vendors and outsourced services comply with ISS requirements and security policies throughout the entire contract lifecycle (onboarding to termination).
Strategic Liaison & Reporting: Act as a key bridge between the Group CISO and local operational functions. Orchestrate project portfolio management (PPM), monitor new initiatives, and provide executive-level reporting to the Branch Director and unit heads.
Security Culture: Develop and deliver comprehensive security awareness programs, communication campaigns, and technical trainings to foster a human-centric security culture.
requirements-expected :
Professional Experience: Minimum 2+ years of progressive experience in cybersecurity, with a focus on GRC (Governance, Risk, Compliance), IT audit, or Operational risk management within regulated sectors (e.g., Finance, Insurance).
Educational Background: University degree (Master’s preferred) in Cybersecurity, Computer Science, or a related technical field.
Framework Knowledge: Good understanding of GRC methodologies and practical familiarity with industry security standards (e.g., ISO/IEC 27001, NIST CSF, CIS Controls, or similar). Practical knowledge of GDPR and DORA is essential.
Technical Knowledge: Strong understanding of common IT and network technologies, combined with the ability to develop and enforce local security policies and guidelines.
Strategic Communication: Proven ability to translate complex technical vulnerabilities into actionable business risks for non-technical executive leadership.
Language Skills: Very good knowledge of English is mandatory for effective international stakeholder management.
Preferred Certifications: Industry-standard certifications such as CISM, CISSP, or CISA would be an additional advantage.
Soft Skills: Analytical mindset with a "detective" eye for detail, combined with the political savvy to navigate complex organizational structures.
offered :
Employment Terms: Employment based on a contract of employment – initial contract for a 6-month period, followed by an indefinite contract upon positive performance evaluation.
Growth & Development: A clear career trajectory with dedicated individual training budgets, access to global conferences, and mobility opportunities within our financial group.
Modern Work-Life Integration: A stable hybrid model (3 days office / 2 days remote) providing the perfect balance between team synergy and personal flexibility.
Premium Workspace: A modern, ergonomic office environment in Warsaw with dedicated team zones (no hot-desking) and top-tier hardware.
Comprehensive Benefits: Private medical care for you and your family, life insurance, and a wide range of wellbeing initiatives.
Collaborative Culture: A supportive, high-trust atmosphere with regular team-building events and a focus on an active lifestyle.
benefits :
sharing the costs of sports activities
private medical care
sharing the costs of professional training & courses