Information Security & Compliance Lead (m/w/d)

Polen

Full Time Senior-level / Expert USD 57K - 134K * ^est.

Asseco Solutions

View all jobs at Asseco Solutions

Apply now Apply later

Posted 8 hours ago

Deine Aufgaben

We are seeking an experienced Information Security & Compliance Lead to take ownership of our organization’s security governance, risk, and compliance programs. This role is critical in maintaining our ISO 27001 certification, strengthening our security posture, and ensuring regulatory compliance across all business functions. The ideal candidate will drive a culture of security and collaborate closely with internal stakeholders, control owners, and external partners to uphold robust security standards.

Maintain and continuously improve the ISO 27001 Information Security Management System (ISMS).
Collaborate with control owners to ensure timely and effective implementation of technical and organizational controls.
Lead and conduct internal audits, coordinate external audits, and manage audit findings to closure.
Drive and maintain a risk management process, including risk identification, assessment, treatment, and reporting.
Own and update security policies, procedures, and awareness programs across the organization.
Conduct vendor and third-party security assessments (including DPAs and security questionnaires).
Prepare and deliver risk and compliance reports for the Head of IT and the Board of Directors.
Monitor changes in relevant laws and regulations (e.g., GDPR, NIS2) and adjust practices accordingly.
Support incident response planning and exercises in cooperation with technical teams.
Collaborate with IT, Legal, HR, and other functions to ensure alignment on compliance requirements and initiatives.

Dein Profil

Proven experience (3+ years) in Information Security, Risk, or Compliance roles.
In-depth knowledge of ISO 27001 standards and certification process.
Experience conducting internal audits and managing external audits.
Familiarity with frameworks such as NIST, CIS, ITIL, or COBIT.
Strong understanding of risk management principles, data protection (e.g., GDPR), and regulatory compliance.
Excellent communication skills with ability to present to senior management and non-technical stakeholders.
Ability to work independently, influence others, and drive cross-functional initiatives.
Experience with GRC tools, vendor assessment platforms, or audit management tools is a plus.

Relevant certifications such as CISM, CISSP, ISO 27001 Lead Implementer/Auditor, or similar are preferred.

Unser Angebot

A diverse working environment in which you can contribute your own ideas and potential in the long term.
Intensive induction and development opportunities for your professional and personal development in our in-house training center, as well as support from a mentor.
Flat hierarchies and an open corporate culture that values teamwork and fun at work.
Flexible trust-based working hours with mobile office options and an attractive salary package including standard benefits (MultiSport, LuxMed, Life Insurance, etc.)
If you're in the office, we enrich everyday working life with coffee, drinks, company parties and team events.