Security Risk Officer

Company Description

Techland is one of the biggest video game companies in Poland, with over 30 years of experience in the gaming industry. From our studios in Wrocław and Warsaw, we’ve built an international team of more than 500 talented professionals, all dedicated to pushing the boundaries of game development.

We’re known for creating iconic franchises like Call of Juarez and the zombie genre-defining Dying Light, which has been played by over 45 million players worldwide. With a focus on open-world action, storytelling, and community engagement, we’re committed to delivering unforgettable experiences to our players.

We’re constantly striving to improve, innovate, and take on new challenges. With ambitious plans for the future, we’re looking for passionate people to be part of this exciting journey.

Job Description

Your daily tasks:

• Identifying, assessing, and monitoring risks related to IT, cybersecurity, data protection, and business continuity.

• Advising cross-functional teams on risk-aware decision-making in projects and operations.

• Coordinating audits, security reviews, compliance checks, and data protection impact assessments (DPIAs).

• Overseeing implementation and tracking of security, IT, and data governance controls.

• Maintaining risk registers, control matrices, and mitigation plans.

• Managing third-party risk through vendor assessments and reviews.

• Ensuring compliance with relevant standards and regulations (e.g., ISO 27001, GDPR, NIST).

• Supporting and coordinate incident response, including internal communication during critical events.

• Leading post-incident reviews and ensure integration of findings into risk management plans.

• Acting as liaison between Security, IT, Legal, and Executives during high-impact incidents.

Qualifications

• Proven experience in cybersecurity, IT governance or enterprise risk management.

• Familiarity with security frameworks (ISO 27001, NIST CSF, SOC 2) and risk management standards (e.g. ISO 31000).

• Understanding of security controls in cloud, endpoint, infrastructure and application environments.

• Experience participating in or coordinating security incident response efforts.

• Ability to assess business impact during security events and help prioritize response actions.

• Familiarity with incident response processes, escalation paths and post-incident reviews (RCA, lessons learned).

• Comfortable working under pressure and facilitating structured communication between stakeholders during incidents.

• Understanding of incident lifecycle, from detection to containment, recovery and root cause analysis.

• Excellent communication skills – ability to work across departments and present risk contextually.

• Comfortable with documentation, controls tracking, audit evidence and policy management.

• Solid understanding of GDPR and other data protection regulations.

• Very good command of English.

Nice to have:

• Professional certifications such as CRISC, CISSP, CISA, or ISO 27001 Lead Auditor.

• Experience in conducting or supporting internal audits, risk assessments and compliance projects.

• Ability to map risks to business processes and help define tolerances with stakeholders.

• Participation in tabletop exercises or real-world security incident coordination.

• Knowledge of frameworks such as NIST CSF or SANS Incident Handling.

• Certification in incident response or cyber resilience (e.g. GCIH, ISO 27035).

• Background in security consulting, legal tech, or regulated industries (finance, healthcare, gaming).

• Familiarity with tools like Confluence, Jira, GRC platforms or risk dashboards.

Additional Information

What we can offer:

• A wide array of benefits: private medical care, life insurance, pro-health campaigns, gifts for different occasions.
• An outstanding work atmosphere in a highly-skilled team of professionals, with flexible working hours, no dress code, and full support of the dedicated HR Business Partner.
• Many opportunities for personal development: a dedicated development budget for each employee, extra two paid days for training and CSR, stable career paths, extensive internal and external training, and financing of English and Polish language classes.
• State-of-the-art offices filled with chillout zones, a fully equipped kitchen, a gym (Wrocław office), and a free car park (Warsaw limited amount of space).