About FOTC
We're FOTC, a team of cloud enthusiasts helping companies get the most out of Google Cloud and Google Workspace. Whether it's moving to the cloud, building smarter workplaces, using AI, or just making everyday work easier — we're here for it.
We've been around for over 10 years, and in that time we've worked with more than 6500 companies in 50 countries. Big names, small teams, startups, scaleups, you name it. From our offices in Wrocław, Warsaw, Bucharest, Budapest, or from wherever we're working remotely, we help businesses grow with the right tech.
We're a Google Cloud Premier Partner, but more than that — we're people who genuinely like solving problems, testing new ideas, and turning complex stuff into simple solutions.
What we believe in
We believe work should make sense — not just on paper, but in real life. That means innovation, partnership, responsibility, flexibility & adaptation, transparency, and a team you can count on. We support each other, share what we know, and celebrate wins (big and small).
If you're someone who likes figuring things out, isn't afraid to take initiative, and wants to work with tech that actually makes a difference — you might just find your place with us.
Because at FOTC, it's not just about cloud. It's about people.
Your responsibilities will include:
End-to-end security of the cloud and user environments (GCP/AWS, Google Workspace): prevention, detection, response, compliance (SOC 2, ISO 27001, PCI DSS, NIS2), privacy, and business continuity.
Scope of Accountability
Security Program
- Security/GRC Strategy and Roadmap; policies, standards, controls; asset & data classification.
- Risk Register, TPM (Third-Party Management), BCP/DR (Business Continuity Plan/Disaster Recovery); privacy by design (in cooperation with DPO/Legal).
Cloud & Platform Security
- Hardening GCP/AWS (IAM, networking, WAF, KMS/HSM, DLP, Secret Mgmt), CSPM/CNAPP; scanning IaC/containers in CI/CD.
- Observability & logging: log export to SIEM (e.g. Chronicle/BigQuery), detection and SOAR playbooks.
Google Workspace Security (in-depth)
- Identity & Access: Configuring SSO (SAML/OIDC) with IdP, SCIM/automated role assignment, Context-Aware Access (BeyondCorp), MFA/Passkeys policies, OAuth restrictions (app access control), 3rd-party token blocklists.
- Email & Domains: SPF, DKIM, DMARC (p=quarantine/reject), MTA-STS, TLS-RPT, BIMI; routing and quarantine rules; BEC/impersonation protection; S/MIME (optionally CSE).
- DLP & Data Protection: DLP policies for Gmail/Drive/Chat, Drive labels/classification, data regions, Client-Side Encryption (CSE) where required (e.g. legal department).
- Monitoring & IR: Alert Center and Security Center (risk dashboard, recommendations), alert flow to SIEM/SOAR; IR playbooks for phishing/BEC/stolen sessions/OAuth abuse.
- Compliance & eDiscovery: Google Vault (retention, hold, eDiscovery), legal holds, audits (Admin SDK Reports API), preparation of evidence for SOC 2/ISO/PCI/NIS2.
- Endpoint & Browsers: Google Endpoint Management (Android/iOS/Windows/macOS), Chrome Enterprise policies (extensions allowlist/blocklist, safe browsing, download protection, password alerts), data isolation (managed profiles).
- Automation: Admin SDK (Directory/Reports), GAM/gamADV-XTD, Apps Script; automated response (e.g. revoke tokens, reset sessions).
Detection and IR
- Design and operation of a lightweight SOC (SIEM/SOAR/EDR), 24/7 on-call procedures (lightweight), tabletop exercises, RCA (Root Cause Analysis).
DevSecOps & AppSec
- SAST/SCA/DAST, IaC scanning, SBOM, supply-chain signed artifacts, secret scanning, threat modeling.
Training & Culture
- Awareness program (phishing drills), secure coding, policies for using Workspace and devices.
Management
- Leading a small SecOps/AppSec/GRC team; budget; cooperation with Head of Cloud/CTO, DevOps, Data, Legal, DPO.
Requirements:
- 6-10 years in cybersecurity; min. 3 years in cloud security (GCP/AWS/AZURE) and min. 2 years of practical Google Workspace Security experience (Enterprise/Enterprise Plus).
- Documented implementation/maintenance: DMARC/SPF/DKIM, MTA-STS/TLS-RPT, DLP (Gmail/Drive), Vault (retention/holds), Alert/Security Center, Context-Aware Access, SSO (SAML/OIDC), SCIM, OAuth app controls, Endpoint Management, Chrome Enterprise.
- Experience in audits and compliance delivery: SOC 2, ISO 27001, PCI DSS, NIS2 (gap-analysis, evidence, remediation).
- Practical experience: SIEM/SOAR, EDR, WAF, DLP, KMS/HSM, CSPM/CNAPP; CI/CD security (SAST/SCA/IaC).
- Strong IR skills (triage, containment, high-level forensics), also for Workspace incidents (phishing/BEC/OAuth abuse).
- Certifications: CISSP (required), CEH (required or equivalent). Plus desirable: CISM, CCSP, OSCP, PCI ISA/QSA.
- Polish and English at negotiation level; ability to write policies/standards.
Desirable:
- GCP/AWS/AZURE certifications (Professional/Spec), Terraform/Kubernetes security, Istio/mesh.
- Experience with Chronicle SIEM, BigQuery, Looker Studio for security reporting.
- Wiz/Prisma/Lacework (CNAPP), CrowdStrike/SentinelOne (EDR), XSOAR/Tines (SOAR), HashiCorp Vault.
We offer:
- compensated days without service delivery obligation (up to 31!)
- UNUM group insurance
- private medical care and sport card
- cooperation from our office in Rynek in Wrocław (Św. Mikołaja) / Przeskok in Warsaw
- company retreats abroad or in Poland once a year (bonding time, yeah!)
- company equipment provided
- budget for your training and development
- access to Google Cloud Skills Boost platform
We strive to protect your personal data. The information below contains details of the processing of personal data as part of the recruitment process.
The administrator of your personal data is the company indicated in the announcement, i.e. Fly On The Cloud sp. z o.o., established in Wrocław, postal code no. 50-125, ul. Świętego Mikołaja 8-11, entered into the Register of Entrepreneurs managed by the District Court for Wrocław-Fabryczna in Wrocław, VI Commercial Division of the National Court Register, under Registry no. Tax Identification Number (NIP): .
Purpose of data processing
Your personal data will be processed in order to carry out the recruitment process.
The basis for data processing
The basis for the processing of your personal data by the Company in order to carry out the recruitment process is 6.1a (consent) and 6.1f (legitimate interest) of REGULATION no. 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE EU COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free exchange of such data, and repealing Directive 95/46/EC (GDPR).
We process your personal data only for the purpose of recruitment indicated in the job offer and for the purposes of future recruitment, if you have given your consent in your application.
You have the right to withdraw your consent at any time; this will not affect the lawfulness of the processing which was carried out based on consent before its withdrawal. Providing personal data is not mandatory, but it is necessary to carry out the recruitment process.
Data processing period
We process your personal data in order to recruit for the position indicated in the advertisement for a period of 1 year from the moment of receiving your application. After this time, the data may be processed for a period corresponding to the period of limitation of claims (as in applicable law) which may be raised by the administrator and which may be raised against the administrator.
Your rights
You have the right to request the administrator to give you access to your personal data, to inspect, rectify or delete them (in the event of the circumstances provided for in clause 17 of the GDPR - the right to be forgotten), or to limit processing (in the cases specified in clause 18 of the GDPR), the right to withdraw consent where it was given, and the right to submit a complaint to the supervisory body (President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw).
Contact
If you have any questions you can contact us:
- via e-mail:
- via post to the following address: ul. Świętego MikołajaWrocław.