Security Engineer (ISO 27001)
Company and position
creativestyle is a Polish-German company with over 25 years of experience creating e-commerce solutions. It employs over 100 people passionate about technology, mostly based in Poland (Kraków and Rybnik) with connections to Germany (Munich and Hamburg). The company focuses on ambitious projects for mainly DACH clients, using tools like Slack, Jira, and Confluence, and communicating in English, German, and Polish.
Requirements
- Expertise in IT Security and ISO 27001 implementation
- Experience with ISMS/GRC, risk management, and security policy development
- Ability to operate and support certification audits
- Skills in incident response, vulnerability management, and security monitoring
- Experience with MDM/EDR solutions, specifically for macOS
- Familiarity with secure SDLC processes including SAST and SCA in CI/CD
- Collaboration skills with cross-functional teams including HR, IT, and Office Crew
- Comfortable working in a hybrid model based in Kraków, or remotely within Poland with regular office visits
Nice to have:
- Familiarity with security tools such as GitLab
- Experience with centralized logging and monitoring systems
Responsibilities
ISMS OPERATIONS (~60%):
- Own and operate the risk management process, including risk workshops, Risk Register, and Risk Treatment Plan
- Prepare the Statement of Applicability (SoA)
- Write, maintain and review security policies and procedures
- Collect and organise audit evidence and execute ISMS Operational Calendar activities
- Lead certification audit preparation and support audits
- Manage customer security questionnaires and supplier security reviews
- Run the security awareness programme with HR
- Own the security roadmap, priorities, budget input, and future hires
TECHNICAL IMPLEMENTATION (~40%):
- Roll out and administer MDM/EDR (macOS ABM, configuration baselines, full-disk encryption) with the IT team
- Harden and monitor self-hosted GitLab; manage centralized logging, monitoring, and vulnerability management
- Build the incident response procedure, coordinate incident handling, conduct post-mortems
- Support secure SDLC (SAST/SCA in CI/CD, secrets management) alongside technology teams
- Manage physical office security (access control, monitoring) with Office Crew
Benefits
- Employment contract (UoP) with a salary range of PLN 20,000 - 27,000 gross
- Option to discuss B2B cooperation
- Home office flexibility
- PLN 3,000 annual training budget plus language courses
- MacBook Pro and necessary tools with a big monitor
- Private healthcare (Medicover) and Multisport Plus subscription
- Access to gym facilities at offices
- Office amenities including game consoles, billiards/ping-pong league, and themed monthly lunches
- Stylish loft office with rooftop and easy access by bike, tram, or train
- Various additional benefits and a supportive atmosphere
Other information
In accordance with Art. 7(2) of the GDPR, I give my explicit and voluntary consent to the processing of my personal data contained in the application documents, including the Curriculum Vitae (CV), by Creativestyle Polska Sp. z o.o. with its registered office in Kraków, for the purpose necessary to carry out the recruitment process. We reserve the right to contact only selected candidates for interviews and to notify only the selected candidate of the final decision.
creativestyle
Employer