Chief Information Security Officer

G2A.COM is the world's largest and most trusted marketplace for digital entertainment, where more than 30 million people from 180 countries have purchased over 100 million items. Users can choose from more than 75,000 digital offerings, including games, DLCs, in-game items, as well as non-gaming items such as gift cards, subscriptions, software, and e-learning, sold by sellers from all over the world. G2A.COM leads in online security, awarded with the prestigious American CNP award alongside companies such as Microsoft, Barclay's Bank and First Data. 

Help us create a world where information security matters the most. We are looking for an experienced and involved person to take over the position of the Chief Information Security Officer (CISO) and lead our organization in a dynamic digital environment. If you’re an expert on information security who’s up for challenges and boasts excellent leadership skills, this opening is exactly what you’re looking for! 

As the Chief Information Security Officer you will be responsible for devising and implementing information security strategy, identifying and managing risk, as well as monitoring the compatibility with the latest industry standards. Your close co-operation with the teams of engineers, analysts and other professionals in the realm of cybersecurity will be key to our mutual success. We are offering you an opportunity to work in a dynamic environment where your ideas and innovations will be valued. If you want to become an architect of security in our organization and help us retain our position as the leader in data protection, be sure to apply! 

Your responsibilities: 

• Security policy and strategy: devising, implementing and maintaining an information security strategy adjusted to the e-commerce industry 
• Coordinating security operations: overseeing the activities related to protecting our IT systems and data from fraud and implementing and managing monitoring and breach detection systems 
• Coordinating the activities related to security throughout the entire buyer’s journey on G2A.COM for protection from fraud and taking care of anti-fraud systems and activities 
• Devising, implementing and maintaining a security strategy for the company’s current SDLC process, in particular: 
• Implementing good security practices from the beginning to the end of the development cycle 
• Setting, executing and verifying coding standards regarding security 
• Conducting security tests as part of the SDLC process 
• Ensuring security in case of integrations with external systems, such as payment providers 
• Managing risk: identification, assessment and management of risks related to information, e-commerce and online transaction security 
• Regulatory compliance: ensuring compliance with laws and industry regulations regarding data protection, as well as co-operating with our legal department in order to monitor changes in regulations and adjust our activities accordingly 
• Monitoring and reacting to incidents: implementing security monitoring systems and activities related to reacting to incidents, as well as investigating security breaches and preparing reports, especially those regarding botnet attacks aimed at finding security vulnerabilities in our systems (such as payment systems), which can cause fraud 
• Security auditing and risk analysis: conducting regular information security audits, including risk assessment, identifying gaps in our security measures and providing recommendations on fixes to such issues. This also involves co-operating with external auditors in order to ensure an independent assessment of information security programs 
• Verifying application and infrastructure architecture with regards to security, providing recommendations, monitoring implementations and impact on security 
• Promoting awareness and educating employees and partners regarding security in the entire organization 
• Reporting and monitoring: preparing regular reports on the state of information security for the board and monitoring key indicators regarding information security 
• Co-operating with other departments (especially Technology, Buyers, Sellers, UX, Analytics, and Commercial teams) in order to secure their processes and data, as well as to determine the impact of the planned changes on business results 
• Co-operating with external partners: representing the company in contacts with external information security service providers, business partners and regulatory bodies. Negotiating the terms and conditions of the contracts with service providers 
• Representing the company and promoting information security – representing the company during industry conferences and interviews regarding information security, presenting the best information security practices and participating in discussion panels and workshops promoting information security awareness. 

You’re a perfect match for this role if: 

• You have at least 7 years of experience in information security 
• You are well-versed in the subjects related to cyber-threats in the e-commerce industry 
• You have experience with SDLC processes regarding security 
• You have experience with e-commerce payment processes 
• You have knowledge on fraud prevention systems 
• You have experience in payment or e-commerce industries that you can brag about 
• You know the latest IT technologies like the back of your hand and you have the ability to analyze and identify the risks related to cyberspace, as well as devise risk management strategies 
• You are familiar with the current information security regulations and standards, including GDPR, ISO 27001, etc. 
• You are familiar with and know how to use various different security tools, such as firewalls, intruder detection systems or anti-virus software 
• You are familiar with auditing processes and information security standards 
• You are familiar with regulation regarding information safety and you are able to interpret them and put them to good use 
• You can effectively manage security-related incidents and complete tasks in order to minimize the losses 
• You are able to relay important information regarding cyberspace threats clearly and concisely 
• You are able to effectively cooperate with other information security specialists 
• Your actions are aimed at reaching the following goal: ensuring a high level of security at the organization 
• You can make right decisions quickly, keeping data and system security in mind 
• You are up to date with the latest cybersecurity tools and technologies, which helps you prevent attacks effectively 
• You like giving interviews, writing articles and comments regarding current threats, trends and information security innovations 
• Bonus points for being a proud owner of industry certificates, such as CISSP, CISM, CEH, etc. 

Why joining us worth it?

• You can work from the office, remotely or in a hybrid model – you choose 
• You will gain access to the latest tools and technologies needed to effectively manage information security 
• You will be the key player in creating our company’s security strategy 
• You will get all the necessary tools needed for work, such as a laptop and/or phone 
• We can equip your home office with all the ergonomic equipment you need, such as leg supports, sitting ball chairs, chairs and back supports, monitors, mousepads, mice, keyboards, and headphones 
• We care about work-life balance and well-being of our team 
• We appreciate your ideas and give you an opportunity to bring them to life 
• You can develop your competencies and take part in numerous internal and external training courses as per the Manager’s Academy and G2A’s Learning & Development & Well-being program 
• Our values are Diversity, Equity, and Inclusion (DEI) 
• We support grassroots initiatives and participate in charities together 
• You will gain access to valuable benefits, such as the Welcome Pack, Worksmile vouchers (G2Anians get 200 points worth 200 PLN each month which they can then spend on numerous services and products from well-known brands available on the Worksmile platform), medical care, Multisport cards, the possibility to take part in internal and external training sessions and industry conferences, and many more 

Next steps: 

If you’re interested in what we have to offer you, be sure to send us your CV – we will be delighted to check it out! 

If you need to know more about the recruitment process at G2A, we have prepared a detailed article on it, including useful hints on how to prepare for job interviews: https://tiny.pl/c8kvb 

Would you like to know more about G2A? 

Take a look at our Fact Sheet, which you will find here: https://www.g2a.co/fact-sheet/