Audytor/Audytorka IT/OT

COIG S.A. is a company located in Katowice, offering services related to IT/OT security audits and compliance with security standards and regulations.

• Experience in IT/OT audits (minimum 1–2 years).
• Very good knowledge of ISO 27001 and ISO 22301 standards.
• Lead Auditor certification for ISO 27001 and/or ISO 22301.
• Practical knowledge of the NIS2 Directive and current and upcoming requirements of the KSC Act.
• Knowledge of cybersecurity processes, incident management, risk analysis, and OT/ICS environments.
• Ability to collaborate with technical and business teams.
• Analytical skills and ability to create clear documentation.

Nice to have:

• Certifications such as CISA, CISSP, IEC 62443, CRISC.
• Experience in regulatory or implementation projects related to NIS2/KSC.

• Conduct security audits in IT and OT areas for both external clients and internal purposes.
• Verify compliance with ISO 27001 and ISO 22301 standards.
• Perform risk analyses according to ISO 27005, NIS2, and KSC.
• Create, update, and maintain ISMS documentation including policies, procedures, and instructions.
• Analyze and assess compliance with NIS2 requirements, including risk management processes, incident reporting, and technical and organizational measures.
• Support organizational adaptation to KSC requirements, including classification processes, incident reporting, and cybersecurity measures.
• Identify risks and prepare recommendations for corrective actions in IT/OT environments.
• Prepare audit reports and present audit results to business and technical stakeholders.
• Assist technical teams in implementing security mechanisms and legally required measures.
• Develop new procedures and standards in cooperation with stakeholders.
• Monitor changes in NIS2 and KSC regulations and market best practices.

The data controller responsible for personal data processing is WASKO S.A. located in Gliwice. Personal data will be processed for recruitment purposes in compliance with applicable laws. Consent for data processing can be withdrawn at any time. Personal data will be stored until the recruitment process ends or for 12 months if consent is given for future recruitments. No automated decision-making or profiling will be performed.