Senior Information Security Engineer

13.3k - 20k PLN/ mies.UoP
SeniorFull-time·Umowa o pracę
#388207·Dodano 2 dni temu·1
Źródło: nofluffjobs.com
Aplikuj teraz

Tech Stack / Keywords

ISO 27001GRCGDPRCloud securityAuditAI SecurityAWSCISACRISCCISSPISO 9001ISO 27017ISO 27018ISO 22301BSI C5

Firma i stanowisko

SmartRecruiters Inc. is a company providing an AI-powered hiring platform used by more than 4,000 companies, including LinkedIn, McDonald's, VISA, CD Projekt Red, and Allegro. In 2025, SmartRecruiters joined SAP, expanding its scale and resources. The R&D structure is based on empowered product teams responsible for business outcomes and autonomy in problem-solving.

Wymagania

  • 5+ years experience in information security, governance, risk, and/or compliance with a technical orientation.
  • Experience in compliance or auditing with at least one major framework.
  • Solid understanding of controls auditing principles and evidence management.
  • Knowledge of risk management methodologies and experience conducting or supporting risk assessments.
  • Ability to manage multiple complex projects with minimal supervision.
  • Capability to investigate and interpret IT security and compliance issues at governance and technical levels.
  • Strong understanding of technology, cloud-based products, and SaaS environments.
  • Experience collaborating across business units and geographical boundaries with engineering, business, and operational teams.
  • Experience with ISO 27001.
  • Excellent written and verbal communication skills in English.

Nice to have:

  • Professional certifications such as CISA, CRISC, CISM, CISSP, CCSK, CCSP.
  • Experience with ISO 9001, ISO 27017, and ISO 27018.
  • Experience with ISO 22301 (Business Continuity), including BIA, BCP/DRP, and recovery testing.
  • Experience with BSI C5 or similar cloud-specific compliance frameworks.
  • Knowledge of AI security principles, experience with ISO 42001, or familiarity with the EU AI Act.
  • Technical understanding of cloud infrastructure (AWS preferred), networking fundamentals, identity management, and SaaS security architectures.
  • Experience with enterprise risk management frameworks and tools.
  • Understanding of threat modelling methodologies and secure development lifecycle (SDLC) principles.
  • Hands-on incident response experience including security incident investigations, containment, and post-mortem processes.

Obowiązki

  • Identify manual, repetitive GRC processes and design automation blueprints to streamline them, including evidence collection, control monitoring, access reviews, policy enforcement checks, and compliance reporting.
  • Build and maintain automated workflows using compliance platforms, scripting, or integration tools to reduce manual effort and improve audit-readiness.
  • Develop reusable templates, playbooks, and standardized blueprints for recurring GRC activities, ensuring consistency and scalability.
  • Collaborate with IT teams to integrate security and compliance checks into existing toolchains and CI/CD pipelines.
  • Continuously evaluate and improve GRC tooling, data flows, and reporting for operational efficiency.
  • Manage stakeholder expectations and partner with internal teams to ensure effective management of IT risks and compliance obligations.
  • Maintain regional and local stakeholder relationships, meeting schedules, and reports.
  • Support maintenance of the SOC 2 Type II framework, including evidence collection, control testing coordination, and audit support.
  • Manage ISO 27001 and ISO 22301 audit lifecycles and coordinate improvements for ISMS and BCMS.
  • Support maintenance and improvement of the ISO 42001 (AI Management System) framework aligned with the EU AI Act.
  • Support vendor risk management activities, including third-party security assessments and due diligence.
  • Serve as a subject matter expert for Business Continuity Management System (BCMS), supporting strategy, framework, and audit programs under ISO 22301.
  • Support Business Impact Analysis (BIA), BCP/DRP development, recovery exercises, and continuity metrics management.
  • Support AI security and compliance activities, including AI-related risk assessment and regulatory readiness under the EU AI Act.

Benefity

  • Sport subscription
  • Private healthcare
  • Small teams
  • International projects
  • Unlimited vacation days
  • Company shutdowns twice a year
  • Free coffee
  • Bike parking
  • Playroom
  • Shower
  • Free parking
  • In-house trainings
  • Modern office
  • Startup atmosphere
  • No dress code
  • Family events
  • Company parties
  • In-house hack days
Karta sportowa
Opieka zdrowotna
Szkolenia wewnętrzne
SmartRecruiters Inc.

SmartRecruiters Inc.

13 aktywnych ofert

Zobacz wszystkie oferty
Aplikuj teraz