Senior IT Risk Specialist
Kraków, Kraków, Lesser Poland Voivodeship, Poland
Service HUB Poland
9. 2. 2026
About the position

Responsibilities:


  • Serve as the SME for third-party reporting assurance, encompassing ISAE 3402 and supporting ISAE 3000 (data privacy). Act as SPOC supporting the external auditors, internal audit, cybersecurity, and the IT owners.
  • Work with cross-functional teams and the first line of defence to identify, assess, and support mitigation of IT risks across critical services, new products, and projects, ensuring alignment with internal policies.
  • Provide second-line oversight through independent review and challenge of IT risk assessments, helping ensure compliance with frameworks, regulatory requirements, and industry standards.
  • Respond to internal control inquiries, track remediation efforts to resolution, and support the design and effectiveness of IT controls supporting controls and compliance.
  • Analyse information flows and business processes to identify potential IT and security risks, including those related to End-User Computing (EUC) applications.

Expected requirements:


  • Familiarity with (preferably solid experience of) relevant industry-standard IT standards and frameworks such as IRAM2, COBIT, ITIL and ISO 27001.
  • Strong understanding of regulatory requirements and industry standards (e.g. EBA, DORA, GDPR, ISO 27001/27002, NIST, PSD2, ISO 22301, NIS2) related to IT risk management and cybersecurity.
  • Self-driven, with a demonstrated ability to take full ownership of activities and responsibilities, ensuring tasks are completed efficiently and effectively, and proactively addressing any challenges that may arise.
  • Strong interpersonal, communication and presentation skills necessary for interaction with business leaders and teams across all levels of the organization.
  • Passionate about continuously acquiring knowledge, with a desire to grow.
  • Foster a work environment that promotes respect, cultural awareness, and the development of skills to engage effectively with individuals from diverse backgrounds.
  • Knowledge of both the financial services industry and the payment processing industry is a plus.
  • Degree in Engineering, Computer Science, Information Systems, or a related field; advanced degree or relevant certifications (e.g., CISSP, CISM, CRISC, CISA) preferred.
  • At least 10 years of work experience in IT risk management, cybersecurity, IT audit or related fields.
  • Excellent command of spoken and written English.

Offered:


  • Attractive salary and an overall competitive package
  • Well-structured training for the job and constant support from your manager
  • Hybrid way of working
  • Flexible work hours
  • Home equipment allowance
  • Equipment needed for the role (laptop and mobile phone, including monthly mobile phone subscription)

Benefits:


  • sharing the costs of sports activities
  • private medical care
  • sharing the costs of foreign language classes
  • sharing the costs of professional training & courses
  • life insurance
  • remote work opportunities
  • flexible working time
  • integration events
  • retirement pension plan
  • extra social benefits
  • holiday funds
  • employee referral program
  • charity initiatives
  • extra leave
