Apprize Technology Solutions
Cyber Security Specialist
Apprize Technology Solutions | Poland | 8 days ago
Contract | Remote Friendly | Accounting/Auditing
  • Job Title: Information Security GRC Specialist - Cybersecurity Expert
  • Duration: 6-12 month contract with possible extension
  • Location: Warsaw, Poland
  • Work Mode: Hybrid (3 days onsite in a week)


Key skills


  • Solid experience implementing a risk framework based on ISO 27k
  • Presenting risk and collecting risks
  • Experience with security awareness training
  • Technical risk assessments and implementing security controls across engineering and business departments (previous experience as an internal Information Security Officer/expert in an organization).
  • Good experience in cybersecurity, particularly in risk management, compliance, and the implementation of security tools.
  • ISO 27001 Compliance: Ensure adherence to international security standards and implement new controls.
  • SOC2 Compliance: Manage compliance with SOC2 requirements and expand our Internal Control Framework.
  • Compliance & Standards Implementation: Ensure alignment with frameworks such as ISO 27001, SOC 2, and the NIST Cybersecurity Framework, supporting continuous compliance.
  • Collaboration & Teamwork: Work closely with colleagues and leadership to achieve audit and security objectives.
  • Continuous Improvement: Stay informed on evolving threats, regulations, and best practices to enhance audit and compliance processes.
  • Project Management Contribution: Support and coordinate various security-related projects with an emphasis on audit preparedness.


Responsibilities:

  • Lead technology and security compliance programs that meet industry standards, regulatory requirements, and organizational objectives.
  • Lead technical assessment activities to identify, evaluate, and prioritize information security risks across the organization, including threats, vulnerabilities, and potential impacts to information and technology assets.
  • Develop and drive implementation of effective risk management strategies to mitigate identified risks, ensuring alignment with industry best practices and regulatory requirements.
  • Develop comprehensive metrics and dashboards to communicate the status of information security risks to stakeholders and leadership.
  • Analyze security data to identify trends, vulnerabilities, and areas for improvement.
  • Collaborate with internal and external auditors to facilitate security audits and assessments.
  • Collaborate across the organization to ensure the integration of risk management practices into organizational processes and projects.
  • Stay current with industry trends, emerging threats, and best practices for information security and risk management.
  • Provide expert technical guidance and support in developing and maintaining information security policies, standards, and procedures.
  • Implement enterprise-wide risk management frameworks that align with industry standards (e.g. ISO 27001, NIST, etc.).
