Senior Information Security Engineer
13.3k - 20k PLN13 300 - 20 000 PLN/ mies.UoP
SeniorFull-time·Umowa o pracę
#388207·Dodano 2 dni temu·1
Źródło: nofluffjobs.comTech Stack / Keywords
ISO 27001GRCGDPRCloud securityAuditAI SecurityAWSCISACRISCCISSPISO 9001ISO 27017ISO 27018ISO 22301BSI C5
Firma i stanowisko
SmartRecruiters Inc. is a company providing an AI-powered hiring platform used by more than 4,000 companies, including LinkedIn, McDonald's, VISA, CD Projekt Red, and Allegro. In 2025, SmartRecruiters joined SAP, expanding its scale and resources. The R&D structure is based on empowered product teams responsible for business outcomes and autonomy in problem-solving.
Wymagania
- 5+ years experience in information security, governance, risk, and/or compliance with a technical orientation.
- Experience in compliance or auditing with at least one major framework.
- Solid understanding of controls auditing principles and evidence management.
- Knowledge of risk management methodologies and experience conducting or supporting risk assessments.
- Ability to manage multiple complex projects with minimal supervision.
- Capability to investigate and interpret IT security and compliance issues at governance and technical levels.
- Strong understanding of technology, cloud-based products, and SaaS environments.
- Experience collaborating across business units and geographical boundaries with engineering, business, and operational teams.
- Experience with ISO 27001.
- Excellent written and verbal communication skills in English.
Nice to have:
- Professional certifications such as CISA, CRISC, CISM, CISSP, CCSK, CCSP.
- Experience with ISO 9001, ISO 27017, and ISO 27018.
- Experience with ISO 22301 (Business Continuity), including BIA, BCP/DRP, and recovery testing.
- Experience with BSI C5 or similar cloud-specific compliance frameworks.
- Knowledge of AI security principles, experience with ISO 42001, or familiarity with the EU AI Act.
- Technical understanding of cloud infrastructure (AWS preferred), networking fundamentals, identity management, and SaaS security architectures.
- Experience with enterprise risk management frameworks and tools.
- Understanding of threat modelling methodologies and secure development lifecycle (SDLC) principles.
- Hands-on incident response experience including security incident investigations, containment, and post-mortem processes.
Obowiązki
- Identify manual, repetitive GRC processes and design automation blueprints to streamline them, including evidence collection, control monitoring, access reviews, policy enforcement checks, and compliance reporting.
- Build and maintain automated workflows using compliance platforms, scripting, or integration tools to reduce manual effort and improve audit-readiness.
- Develop reusable templates, playbooks, and standardized blueprints for recurring GRC activities, ensuring consistency and scalability.
- Collaborate with IT teams to integrate security and compliance checks into existing toolchains and CI/CD pipelines.
- Continuously evaluate and improve GRC tooling, data flows, and reporting for operational efficiency.
- Manage stakeholder expectations and partner with internal teams to ensure effective management of IT risks and compliance obligations.
- Maintain regional and local stakeholder relationships, meeting schedules, and reports.
- Support maintenance of the SOC 2 Type II framework, including evidence collection, control testing coordination, and audit support.
- Manage ISO 27001 and ISO 22301 audit lifecycles and coordinate improvements for ISMS and BCMS.
- Support maintenance and improvement of the ISO 42001 (AI Management System) framework aligned with the EU AI Act.
- Support vendor risk management activities, including third-party security assessments and due diligence.
- Serve as a subject matter expert for Business Continuity Management System (BCMS), supporting strategy, framework, and audit programs under ISO 22301.
- Support Business Impact Analysis (BIA), BCP/DRP development, recovery exercises, and continuity metrics management.
- Support AI security and compliance activities, including AI-related risk assessment and regulatory readiness under the EU AI Act.
Benefity
- Sport subscription
- Private healthcare
- Small teams
- International projects
- Unlimited vacation days
- Company shutdowns twice a year
- Free coffee
- Bike parking
- Playroom
- Shower
- Free parking
- In-house trainings
- Modern office
- Startup atmosphere
- No dress code
- Family events
- Company parties
- In-house hack days
Karta sportowa
Opieka zdrowotna
Szkolenia wewnętrzne
SmartRecruiters Inc.
13 aktywnych ofert