IT Security Team Leader

XTB is a global company from the financial industry, focusing on online trading of financial instruments. We are the largest FinTech in Poland and a leader in Central and Eastern Europe, and the range of our operations covers several countries, including Asia and South America. At XTB, we focus on the development of our employees, giving them opportunities to gain knowledge and skills in various fields, as well as offering a number of training and development programs. If you are looking for challenges and want to gain valuable experience in an international business environment, XTB is the right place for you. We are a certified Great Place to Work company.

We are a rapidly growing organization focused on maintaining high standards in IT governance, regulatory compliance, and effective IT risk management. As part of the expansion of the ICT Governance team within the Product & Technology Department, we are looking for a person who will strengthen our team in key areas related to compliance, risk analysis, and the creation and implementation of documentation in a regulated environment.

We are looking for a person to join our team as an IT Security Leader. The person in this role will combine deep technical cybersecurity expertise with leadership skills.

Your primary goal will be to ensure process consistency and knowledge sharing across the three main security pillars in our organization: Blue Team, Red Team, and AppSec. You will also regularly collaborate with IT, DevOps, GRC, Legal teams, and Product Managers.

Responsibilities

• Implementing the cybersecurity strategy and supervising the operational work of the team,

• Supporting team development: recruitment, onboarding, performance reviews, and creating development plans for team members,

• Defining KPIs, quarterly goals, and metrics for the IT security area,

• Overseeing the security monitoring process, alert handling, and SOC operations,

• Managing ICT security processes and incidents, including ensuring compliance with requirements such as DORA,

• Planning and supervising penetration tests covering infrastructure, networks, web solutions, mobile applications, cloud environments, and social engineering,

• Overseeing the vulnerability management process and prioritizing vulnerabilities in a business context,

• Supporting the threat modeling process from an attacker’s perspective,

• Defining and implementing Secure SDLC within the organization.

Requirements

• Experience as a manager or leader of a technical team, including managing work, goals, and employee development,

• Broad technical knowledge and experience in areas including:

  • Blue Team (monitoring, incident handling),

  • Red Team (penetration testing, vulnerabilities),

  • AppSec (Secure SDLC, CI/CD),

• Ability and experience in cooperating with business stakeholders, auditors, and development teams,

• Knowledge of market regulations and security standards (ISO 27001, DORA, GDPR),

• Proficiency in long-term planning, defining KPIs, monitoring, and reporting results,

• Good command of English sufficient for working with documentation and international regulations.

Nice to have:

• Knowledge of industry standards, regulations, and best practices supported by training, courses, or certifications (ISO/IEC 27001, CEH, CISSP, CISM, etc.),

• Practical experience in managing ICT incident handling processes.

What we offer:

• Real impact on the development of the company and the product.

• Work in an experienced team that actively shares knowledge.

• A clear growth path supported by regular feedback and transparent career development.

• Training budget for courses and conferences of your choice.

• An additional day off on your birthday.

• An additional day off for parents.

• Equipment tailored to your needs.

• Private medical care and group insurance.

• Access to an e-learning platform for learning English and a benefits platform.

• Access to a wellbeing platform, including workshops and private therapy sessions.

• Remote work, work from our Warsaw office, or from a coworking space in your city.

• Regular team integration events.