ICT Governance Specialist

XTB is a global company from the financial industry, focusing on online trading of financial instruments. It is the largest FinTech in Poland and a leader in Central and Eastern Europe, operating in several countries including Asia and South America. The company emphasizes employee development through training and development programs and maintains high standards in IT governance, regulatory compliance, and IT risk management.

• Minimum 3 years of practical professional experience in IT Governance / IT Compliance
• Proven competencies and experience in managing risks related to information technology and operational resilience; certifications such as CISM are considered an advantage
• Knowledge and experience in implementing regulations applicable to financial institutions, including the Digital Operational Resilience Act (DORA), supported by training, courses, or certifications
• Experience in creating and updating formal documentation (policies, procedures, instructions, compliance assessments) in line with regulations and standards
• Knowledge of IT compliance, including maintaining regulatory compliance and interpreting standards
• Participation in IT risk analysis processes, IT control assessments, or audits with practical knowledge of risk identification and documentation methodologies
• Independence, teamwork skills, and effective time management
• Good command of English for working with international documentation and regulations

Nice to have:

• Knowledge of industry standards, regulations, and best practices supported by training, courses, or certifications (ISO/IEC 27001, 22301, COBIT, ITIL, NIST, etc.)
• Practical experience in ICT incident management, including maintaining incident registers, supervising incident handling, and reporting incidents to regulators
• Knowledge of project management methodologies, change management, and software development tools and processes
• Experience in conducting audits and familiarity with audit methodologies in information security and business continuity

• Developing, updating, and maintaining IT Governance documentation in line with applicable regulations, standards, and internal policies
• Participating in IT risk analysis processes, including identifying, evaluating, and preparing recommendations and mitigation plans related to information security and business continuity risks
• Supporting compliance processes, including interpreting and implementing legal requirements applicable to financial institutions such as DORA, and IT and information security regulations like ISO standards and GDPR
• Cooperating with Legal and Compliance Departments during audits, inspections, and reviews related to information security and IT systems operations
• Supporting the monitoring of IT compliance in information security, business continuity, personal data protection, and regulatory requirements
• Cooperating with financial regulators worldwide to ensure organizational compliance with applicable financial regulations and laws
• Supporting IT teams in task and project execution, proposing solutions to improve systems, verifying technical possibilities, and preparing documentation for system consistency
• Auditing and evaluating the effectiveness of internal policies, procedures, and documentation related to information security according to legal regulations
• Supervising the incident management process, analyzing incidents, and ensuring timely and compliant reporting of incidents to regulators
• Preparing reports, analyses, and presenting outcomes of conducted work