Senior Information Security Engineer
Tech Stack / Keywords
Firma i stanowisko
SmartRecruiters provides an AI-powered hiring platform used by over 4,000 companies worldwide, including LinkedIn, McDonald's, VISA, CD Projekt Red, and Allegro. In 2025, SmartRecruiters joined SAP to accelerate hiring innovation combining AI and SAP resources. The R&D structure uses empowered product teams with autonomy to solve business problems.
Wymagania
- 5+ years experience in information security, governance, risk, and/or compliance with a technical focus.
- Experience with at least one major compliance or auditing framework.
- Solid understanding of control auditing principles and evidence management.
- Knowledge of risk management methodologies and experience with risk assessments.
- Ability to manage multiple complex projects independently.
- Ability to investigate and interpret internal and external IT security and compliance issues at governance and technical levels.
- Strong understanding of technology, cloud-based products, and SaaS environments.
- Experience engaging cross-functional teams across business units and regions.
- Experience with ISO 27001.
- Excellent written and verbal communication skills in English.
Nice to have:
- Certifications such as CISA, CRISC, CISM, CISSP, CCSK, CCSP.
- Experience with ISO 9001, 27017, 27018.
- Experience with ISO 22301 business continuity standards.
- Experience with cloud-specific compliance frameworks like BSI C5.
- Knowledge or experience with AI security, ISO 42001, and EU AI Act technical requirements.
- Technical understanding of cloud infrastructure (AWS preferred), networking, identity management, and SaaS security.
- Experience with enterprise risk management frameworks and tools.
- Understanding of threat modeling and secure development lifecycle (SDLC) principles.
- Hands-on experience with incident response and security incident investigations.
Obowiązki
Governance, Risk & Compliance:
- Identify and automate manual GRC processes such as evidence collection, control monitoring, and compliance reporting.
- Build and maintain automated workflows using compliance platforms, scripting, or integration tools.
- Develop reusable templates, playbooks, and standardized blueprints for GRC activities.
- Collaborate with engineering and IT teams to integrate security and compliance checks into toolchains and CI/CD pipelines.
- Continuously improve GRC tooling, data flows, and reporting.
- Manage stakeholder relationships and expectations concerning IT risks and compliance.
- Support the maintenance of SOC 2 Type II and ISO 27001, ISO 22301, ISO 42001 audit lifecycles and improvements.
- Support vendor risk management through third-party assessments and due diligence.
Business Continuity & ISO 22301:
- Act as subject matter expert or contributor to Business Continuity Management System (BCMS).
- Support Business Impact Analysis (BIA), BCP/DRP development, recovery exercises, and metrics.
AI Security & Compliance:
- Support AI-related security and compliance activities aligned with ISO 42001 and the EU AI Act.
- Collaborate with product and engineering teams to evaluate security controls for AI and ML features.
Benefity
- 100% remote work with Wi-Fi reimbursement and equipment stipend (MacBook provided).
- Unlimited vacation days.
- Private Medical Care for employee and dependents (Luxmed).
- Wellness program including Multisport Card.
- Company-wide shutdowns during August and Christmas.
Inne informacje
SmartRecruiters is an Equal Employment Opportunity and Affirmative Action employer and does not discriminate based on legally protected characteristics.
Data administrator is SmartRecruiters Inc. in Kraków. Candidate has rights regarding data access, correction, deletion, and processing restrictions. Providing mandatory data is obligatory for recruitment; refusal may prevent process continuation. Data processed for recruitment and potential future opportunities, with consent revocable anytime.
SmartRecruiters Inc.
13 aktywnych ofert