ICT Governance Specialist

XTB is a global company from the financial industry, focusing on online trading of financial instruments. We are the largest FinTech in Poland and a leader in Central and Eastern Europe, and the range of our operations covers several countries, including Asia and South America. At XTB, we focus on the development of our employees, giving them opportunities to gain knowledge and skills in various fields, as well as offering a number of training and development programs. If you are looking for challenges and want to gain valuable experience in an international business environment, XTB is the right place for you. We are a certified Great Place to Work company.

We are a rapidly growing organization focused on maintaining high standards in IT governance, regulatory compliance, and effective IT risk management. As part of the expansion of the ICT Governance team within the Product & Technology Department, we are looking for a person who will strengthen our team in key areas related to compliance, risk analysis, and the creation and implementation of documentation in a regulated environment.

Responsibilities

• Developing, updating, and maintaining IT Governance documentation in line with applicable regulations, standards, and internal policies,

• Participating in IT risk analysis processes - identifying, evaluating, and preparing recommendations and mitigation plans related to information security and business continuity risks,

• Supporting compliance processes, including interpreting and implementing legal requirements applicable to financial institutions (such as DORA) as well as IT and information security regulations (ISO standards, GDPR, and others),

• Cooperating on behalf of IT with the Legal and Compliance Departments during audits, inspections, and reviews related to information security and IT systems operations,

• Supporting the monitoring of IT compliance in the areas of information security, business continuity, personal data protection, and regulatory requirements,

• Cooperating with financial regulators across different regions worldwide to ensure organizational compliance with applicable financial regulations and laws,

• Supporting IT teams in the execution of tasks and projects, proposing solutions aimed at improving systems by verifying technical possibilities and preparing documentation to ensure consistency with other systems,

• Auditing and evaluating the effectiveness of internal policies, procedures, and documentation related to information security in accordance with legal regulations,

• Supervising the incident management process, analyzing incidents, and ensuring timely and compliant reporting of incidents to regulators,

• Preparing reports, analyses, and presenting the outcomes of conducted work.

Requirements

• Minimum 3 years of practical professional experience in IT Governance / IT Compliance,

• Proven competencies and experience enabling effective management of risks related to information technology and operational resilience (certifications such as CISM are considered an advantage),

• Knowledge and experience in implementing regulations applicable to financial institutions, including the Digital Operational Resilience Act (DORA), supported by completed training, courses, or certifications,

• Experience in creating and updating formal documentation (policies, procedures, instructions, compliance assessments) in line with regulations and standards,

• Knowledge of IT compliance, including maintaining regulatory compliance and interpreting standards,

• Participation in IT risk analysis processes, IT control assessments, or audits - practical knowledge of risk identification and documentation methodologies,

• Independence, teamwork skills, and effective time management,

• Good command of English, enabling work with international documentation and regulations.

Nice to have

• Knowledge of industry standards, regulations, and best practices supported by completed training, courses, or certifications (ISO/IEC 27001, 22301, COBIT, ITIL, NIST, etc.),

• Practical experience in ICT incident management, including maintaining incident registers, supervising incident handling, and reporting incidents to regulators,

• Knowledge of project management methodologies, change management, and software development tools and processes,

• Experience in conducting audits and familiarity with audit methodologies in the areas of information security and business continuity.

What we offer

• Real influence on the development of the company and the product,

• Work in an experienced team that is happy to share its knowledge,

• A clear vision of development thanks to regular feedback and clear career paths,

• A training budget for courses and conferences that interest you,

• Regular team-building meetings.

Benefits

• An extra day off on your birthday,

• An extra day off for parents,

• Equipment tailored to your needs,

• Private medical care and group insurance,

• Access to an e-learning platform for learning English and a benefits platform,

• Access to a wellbeing platform and the opportunity to take advantage of workshops and private therapy sessions,

• Remote work, from the office in Warsaw or from a coworking space in your city.