ICT Governance Specialist

XTB is a global company from the financial industry, focusing on online trading of financial instruments. It is the largest FinTech in Poland and a leader in Central and Eastern Europe, with operations in several countries including Asia and South America. The company emphasizes employee development through various training and development programs. XTB is a certified Great Place to Work company and is rapidly growing with a focus on IT governance, regulatory compliance, and IT risk management.

• Minimum 3 years of practical professional experience in IT Governance / IT Compliance
• Proven competencies and experience enabling effective management of risks related to information technology and operational resilience (certifications such as CISM are considered an advantage)
• Knowledge and experience in implementing regulations applicable to financial institutions, including the Digital Operational Resilience Act (DORA), supported by completed training, courses, or certifications
• Experience in creating and updating formal documentation (policies, procedures, instructions, compliance assessments) in line with regulations and standards
• Knowledge of IT compliance, including maintaining regulatory compliance and interpreting standards
• Participation in IT risk analysis processes, IT control assessments, or audits - practical knowledge of risk identification and documentation methodologies
• Independence, teamwork skills, and effective time management
• Good command of English, enabling work with international documentation and regulations

Nice to have:

• Knowledge of industry standards, regulations, and best practices supported by completed training, courses, or certifications (ISO/IEC 27001, 22301, COBIT, ITIL, NIST, etc.)
• Practical experience in ICT incident management, including maintaining incident registers, supervising incident handling, and reporting incidents to regulators
• Knowledge of project management methodologies, change management, and software development tools and processes
• Experience in conducting audits and familiarity with audit methodologies in the areas of information security and business continuity

• Developing, updating, and maintaining IT Governance documentation in line with applicable regulations, standards, and internal policies
• Participating in IT risk analysis processes - identifying, evaluating, and preparing recommendations and mitigation plans related to information security and business continuity risks
• Supporting compliance processes, including interpreting and implementing legal requirements applicable to financial institutions (such as DORA) as well as IT and information security regulations (ISO standards, GDPR, and others)
• Cooperating on behalf of IT with the Legal and Compliance Departments during audits, inspections, and reviews related to information security and IT systems operations
• Supporting the monitoring of IT compliance in the areas of information security, business continuity, personal data protection, and regulatory requirements
• Cooperating with financial regulators across different regions worldwide to ensure organizational compliance with applicable financial regulations and laws
• Supporting IT teams in the execution of tasks and projects, proposing solutions aimed at improving systems by verifying technical possibilities and preparing documentation to ensure consistency with other systems
• Auditing and evaluating the effectiveness of internal policies, procedures, and documentation related to information security in accordance with legal regulations
• Supervising the incident management process, analyzing incidents, and ensuring timely and compliant reporting of incidents to regulators
• Preparing reports, analyses, and presenting the outcomes of conducted work