IT Security Team Leader

XTB is a Polish brokerage house operating globally since 2005, offering access to thousands of financial instruments such as CFDs on currencies, commodities, stock indices, cryptocurrencies, as well as stocks and ETFs listed on major global exchanges. It holds a brokerage license issued by the Polish Financial Supervision Authority and is one of the largest FX and CFD brokers listed on the stock exchange worldwide. The company is distinguished by its innovative and award-winning xStation platform, fast and professional customer service, and a rich educational package with online courses for investors at every level of advancement.

• Experience as a manager or leader of a technical team, including managing work, goals, and employee development
• Broad technical knowledge in Blue Team (monitoring, incident handling), Red Team (penetration testing, vulnerabilities), AppSec (Secure SDLC, CI/CD)
• Ability to cooperate with business stakeholders, auditors, and development teams
• Knowledge of market regulations and security standards (ISO 27001, DORA, GDPR)
• Proficiency in long-term planning, defining KPIs, monitoring, and reporting results
• Good command of English sufficient for working with documentation and international regulations
• 5 years of experience in a similar position

Nice to have:

• Knowledge of industry standards, regulations, and best practices supported by training, courses, or certifications (ISO/IEC 27001, CEH, CISSP, CISM, etc.)
• Practical experience in managing ICT incident handling processes

• Implementing the cybersecurity strategy and supervising the operational work of the team
• Supporting team development: recruitment, onboarding, performance reviews, and creating development plans for team members
• Defining KPIs, quarterly goals, and metrics for the IT security area
• Overseeing the security monitoring process, alert handling, and SOC operations
• Managing ICT security processes and incidents, including ensuring compliance with requirements such as DORA
• Planning and supervising penetration tests covering infrastructure, networks, web solutions, mobile applications, cloud environments, and social engineering
• Overseeing the vulnerability management process and prioritizing vulnerabilities in a business context
• Supporting the threat modeling process from an attacker's perspective
• Defining and implementing Secure SDLC within the organization