Head of Information Security and IT Risk

We are looking for a Head of Information Security and IT Risk who will be responsible for leading the development and execution of the organisation’s information security and IT risk strategy. The role will report into the Chief Information Technology Officer and provide assistance to the Information security and IT Risk team.

Length: Permanent

Location: Warsaw, Poland

Environment: Hybrid - 2 days in the office

Key responsibilities:

• Define and deliver the organisation’s information security and IT risk management strategy.
• Lead and manage a team of professionals across information security, operational resilience, and IT risk.
• Identify, assess, and manage IT-related risks including security, operational, development, delivery, supplier, compliance, and strategic risks.
• Perform and support risk assessments for new systems, projects, and third-party vendors.
• Ensure compliance with relevant standards, regulations, and frameworks.
• Oversee the deployment and operation of security tools and technologies (e.g., firewalls, SIEM, endpoint protection, zero-trust technologies).
• Manage penetration testing and other assurance activities, including remediation of findings.
• Lead incident response planning and investigation of security breaches, ensuring timely resolution and reporting.
• Assess the maturity and effectiveness of security controls. Develop and manage action plans for addressing gaps and delivering improvements.

What is required to be successful in this role:

• 10+ years of experience in information security and IT risk management, preferably within financial services.
• Strong leadership background, with experience managing and developing high-performing teams in complex environments.
• Deep understanding of cyber security principles, IT risk frameworks, and operational resilience practices.
• Demonstrated ability to design and implement security strategies, policies, and controls aligned with business and regulatory requirements.
• Hands-on experience with security technologies such as firewalls, SIEM, endpoint protection, and vulnerability management tools.
• Familiarity with relevant standards and frameworks (e.g., ISO 27001, NIST, COBIT, GDPR, DORA).