Security Risk Officer

Your daily tasks:

• Identifying assessing and monitoring risks related to IT cybersecurity data protection and business continuity.

• Advising cross-functional teams on risk-aware decision-making in projects and operations.

• Coordinating audits security reviews compliance checks and data protection impact assessments (DPIAs).

• Overseeing implementation and tracking of security IT and data governance controls.

• Maintaining risk registers control matrices and mitigation plans.

• Managing third-party risk through vendor assessments and reviews.

• Ensuring compliance with relevant standards and regulations (e.g. ISO 27001 GDPR NIST).

• Supporting and coordinate incident response including internal communication during critical events.

• Leading post-incident reviews and ensure integration of findings into risk management plans.

• Acting as liaison between Security IT Legal and Executives during high-impact incidents.

Qualifications :

• Proven experience in cybersecurity IT governance or enterprise risk management.

• Familiarity with security frameworks (ISO 27001 NIST CSF SOC 2) and risk management standards (e.g. ISO 31000).

• Understanding of security controls in cloud endpoint infrastructure and application environments.

• Experience participating in or coordinating security incident response efforts.

• Ability to assess business impact during security events and help prioritize response actions.

• Familiarity with incident response processes escalation paths and post-incident reviews (RCA lessons learned).

• Comfortable working under pressure and facilitating structured communication between stakeholders during incidents.

• Understanding of incident lifecycle from detection to containment recovery and root cause analysis.

• Excellent communication skills ability to work across departments and present risk contextually.

• Comfortable with documentation controls tracking audit evidence and policy management.

• Solid understanding of GDPR and other data protection regulations.

• Very good command of English.

Nice to have:

• Professional certifications such as CRISC CISSP CISA or ISO 27001 Lead Auditor.

• Experience in conducting or supporting internal audits risk assessments and compliance projects.

• Ability to map risks to business processes and help define tolerances with stakeholders.

• Participation in tabletop exercises or real-world security incident coordination.

• Knowledge of frameworks such as NIST CSF or SANS Incident Handling.

• Certification in incident response or cyber resilience (e.g. GCIH ISO 27035).

• Background in security consulting legal tech or regulated industries (finance healthcare gaming).

• Familiarity with tools like Confluence Jira GRC platforms or risk dashboards.

Additional Information :

What we can offer:

• A wide array of benefits: private medical care life insurance pro-health campaigns gifts for different occasions.
• An outstanding work atmosphere in a highly-skilled team of professionals with flexible working hours no dress code and full support of the dedicated HR Business Partner.
• Many opportunities for personal development: a dedicated development budget for each employee extra two paid days for training and CSR stable career paths extensive internal and external training and financing of English and Polish language classes.
• State-of-the-art offices filled with chillout zones a fully equipped kitchen a gym (Wrocaw office) and a free car park (Warsaw limited amount of space).

Remote Work :

No

Employment Type :

Full-time