Cybersecurity GRC Consultant

Location: 100% remote work (Candidates based in Poland)

Availability: ASAP / within 1 month

Description

We are looking for an experienced GRC Professional to support security, risk and continuity activities within an agile tribe. The role focuses on embedding security by design principles, influencing business decisions and ensuring compliance with security and continuity standards across applications and processes.

Responsibilities

• Ensure deployment of security and continuity policies within the tribe

• Influence business decisions in line with security goals and objectives

• Ensure applications are onboarded to security tools when eligible including SAST, AVS, pentests, SCA and ANON

• Promote security by design and by default principles and contribute to software design and architecture discussions

• Occasionally support teams in troubleshooting and debugging security issues and lead transversal vulnerability remediation taskforces

• Contribute to agile events such as Sprint Planning and Backlog Review when a strong security focus is required

• Provide reporting on the security level and vulnerabilities of applications within the assigned perimeter to IT Risk and Cyber Security CoE

• Share best practices with central IT Risk & Cyber Security teams and other tribe security officers

• Follow up on continuity tests and exercises

• Support teams in evaluating and formalizing IT risks and defining mitigation measures

• Follow up on identified remediation plans

• Provide IT risk reporting to the tribe and escalate risks according to their severity

• Assemble evidence for internal control plans and audits

Requirements

• Warszawa

• Strong knowledge of agile methodologies

• Proven experience in vulnerability remediation

• Ability to work independently with a consultant mindset

• Strong communication skills and stakeholder management capabilities

Skills

• Agile delivery environments

• Vulnerability and risk management

• Team collaboration and coordination

• Stakeholder communication

• Analytical and structured approach

Offer

• B2B contract via Experis

• Multisport card

• Private healthcare (Medicover)

• Access to an e-learning platform

• Group life insurance