Information Security Specialist

We work on raising the security level of products and processes in one of the largest media-technology organizations in Poland. The Security Processes team is a partner for product and technical teams, working in a shift-left approach where security and risk responsibility are integral from early design decisions to implementation.

• 2–5 years of experience in information security or GRC
• Knowledge of security standards (including ISO 27001, NIST) and industry best practices
• Ability to independently maintain and create clear and functional policies and procedures
• Experience conducting internal audits
• English language proficiency at B2/C1 level

Nice to have:

• Knowledge of ISO 22301, KSC/NIS2
• ISO 27001 Internal Auditor Certificate (or in progress)
• Ability to collaborate with business and technical departments, understanding their goals and constraints
• Skill in integrating security with business processes to support organizational goals without increasing operational tasks
• Technical basics: networks, Linux/Windows, cloud environments, Entra ID

• Independently create and update thematic security policies and procedures (ISMS, BCMS, AIMS) considering operational realities and business needs
• Participate in risk analyses for business solutions and suppliers to support informed decision-making
• Handle security incidents and vulnerabilities, maintain registers, and prioritize based on business impact
• Create training materials and conduct employee training
• Conduct gap analyses and security reviews against industry standards and best practices
• Collaborate substantively with product and IT teams on security control selection, from analysis to recommendations