Requirements:

• Conducting risk assessments (ideally of third-party vendors) against security standards, such as ISO 27001 and NIST
• Understanding of concepts of cyber security controls in IT areas (e.g. Access management, Application security)
• Knowledge of security assessments methodology
• Analyzing and evaluating security controls and documentation policies (evidence)
• Recommending mitigation actions related to identified risks
• Reporting and communicating identified risks to stakeholders
• Monitoring of status of implementation of mitigation actions and support

Education and skills:

• 2+ years of experience in security assessments and cyber risk management (ideally including TPRM)
• Practical understanding of IT security standards such as ISO27001, NIST, OWAS
• Bachelor's degree with professional certification in Cybersecurity, IT or a related field
• Certifications such as CISA, CISSP, CISM as a plus
• Communication skills
• Good self-organization
• English skills in writing and speaking
• Analytical and problem-solving skills

Responsibilities:

• Third Party Risk Mgmt experience in the following areas:Conducting risk assessments of third-party vendors to identify potential security threats and vulnerabilities
• Conducting Cloud assessments
• Conducting audits
• Analysing and evaluating vendor security controls, policies, and procedures to ensure compliance with regulatory requirements and industry best practices
• Developing and implementing risk mitigation strategies to address identified vulnerabilities and reduce the organization's exposure to cyber threats
• Communicating assessment findings and recommendations to internal stakeholders, including senior management, legal, and compliance teams
• Monitoring and tracking vendor compliance with security policies and procedures through ongoing assessment activities

Offer:

• B2B via Experis
• Hybrid work from Cracow or Wrocław - 4 days per week from the office
• MultiSport Plus
• PZU group insurance
• Medicover
• e-learning platform