For our client, a provider of a data automation platform that simplifies and streamlines data processes using modern technologies like no-code, cloud, and AI for major global financial institutions and corporations, we are looking for an experienced GRC Information Security Analyst.
Your role
- Oversee the development and upkeep of the Information Security policy framework, ensuring alignment with risk appetite, regulations, and industry standards.
- Lead enterprise risk management initiatives across the organization and manage third-party due diligence.
- Handle client Information Security inquiries and questionnaires, while maintaining a comprehensive Information Security knowledge base to support customer success and pre-sales teams.
- Serve as the first point of contact for Information Security requests, collaborating on regulatory compliance matters and working with engineering teams to enhance the security knowledge base.
- Track and manage security-related KRIs and KPIs, provide guidance on security matters, and stay informed about emerging threats.
- Foster a strong Information Security culture within the organization and support compliance with ISO 27001 and SOC 1/2 standards.
Offer
- Private medical care packages available for individuals, partners, or families.
- Multisport card and life insurance package.
- A success-sharing bonus scheme to reward your contributions.
- 600 PLN annual allowance to support your home office setup.
- Unlimited annual leave, trusting employees to manage their own time off.
- Flexible working hours and remote work opportunities.
- Ability to work abroad for up to 6 weeks per country each year.
- Enhanced family leave and personal learning and development budgets.
- Referral bonuses for recommending successful hires.
- Employee Equity Purchase Scheme and recognition awards, including Employee of the Month/Year.
- Four days of paid volunteering time off, with flexibility to choose initiatives.
Requirements
- Six years of experience in Information Security with similar responsibilities, including enterprise risk management, third-party due diligence, and risk assessments.
- Proven experience in conducting Information Security assessments and maintaining an established Information Security Management System (ISMS).
- Expertise in handling Information Security incidents and maintaining accreditations like ISO 27001, SOC 1, and SOC 2.
- Strong knowledge of cloud computing environments, container-based technologies, and relevant security standards.
- Familiarity with tools such as Google Workspace, JIRA, and Confluence, and the ability to thrive in a fast-paced, collaborative setting where developing innovative solutions is key.
- Skilled in delivery, stakeholder management, reporting, and managing risks and issues.