Information Security Officer (Compliance Assurance)


Requirements

  • Professional experience with ISO27001
  • 3+ years of experience in Information Security related roles
  • Familiarity with GDPR, NIS2, CRA
  • Familiarity with TISAX
  • Fluent English

Project Description

Main responsibilities

  • Conduct internal ISO/IEC 27001 audits, prepare for external audits, and maintain ISO/IEC 27001 certification.
  • Support the maintenance of the Spyrosoft Integrated Management System to ensure compliance with implemented standards and regulations.
  • Identify, analyze, and document compliance gaps, proposing and overseeing remediation efforts.
  • Draft, review, and update security policies, standards, and procedures to reflect changes in regulatory requirements and best practices.
  • Participate in process reviews and improvement initiatives.
  • Prepare and present detailed reports on compliance status, audit findings, and mitigation progress for both internal and client environments.
  • Provide consultancy to clients on compliance with security standards and regulations.
  • Conduct security assessments within the client’s environment to evaluate compliance and security controls, providing actionable recommendations for improvement.
  • Serve as a trusted advisor to clients, responding to queries and supporting their compliance journey.

Position requirements

Technical Skills
  • 3+ years of experience in information security, compliance, or risk management roles, preferably in the IT industry.
  • In-depth knowledge of ISO/IEC 27001 and InfoSec-related regulations (GDPR, NIS2, CRA)
  • Proven experience in conducting ISO/IEC 27001 audits (full scope) and maintaining an ISMS (controls assessment, nonconformity and corrective actions management, improvement actions facilitation)
  • Strong knowledge of GDPR requirements and best practices for data protection.
  • Familiarity with the NIS2 Directive
  • Familiarity and understanding of security tools like Firewall, WAF, EDR, SIEM, IDS/IPS, DLP, Vulnerability Scanners
  • Familiarity and experience with TISAX would be an advantage
  • Familiarity and experience in working with other ISO-based Management Systems would be an advantage
  • Fluent English

Soft Skills

  • Strong analytical skills, with a keen eye for detail and a proactive approach to problem-solving.
  • Excellent communication skills, with the ability to clearly explain complex compliance requirements to technical and non-technical stakeholders.
  • Can-do attitude and willingness to learn
  • Ability to work independently and manage multi-contextual assignments
  • Strong ethical standards and commitment to maintaining the confidentiality and integrity of sensitive information.

Nice to have:

  • ISO/IEC 27001 Lead auditor certification
  • CISA certification

Benefits

More reasons to work with us


Work from home or the office

Depending on the position, you can work remotely, from the office or in a hybrid model.


Top-of-the-line equipment

We provide the equipment that best suits your needs and the requirements of your role.


Training budget

Use your personal training budget to gain new skills and knowledge.


Internal initiatives

Take part in our knowledge-sharing meetups organised by and for tech enthusiasts.


Private health insurance

Keep your health in check with easy access to medical professionals.

Recruitment process

It only takes a few steps

Different roles have different requirements, so the recruitment process depends on the specific position you are applying for.


Checking your CV

We read every resume we receive carefully. If you meet our requirements, we will call you to learn more about your expertise and needs.

Evaluating your qualifications

After an initial phone call, we check your skills with a task related to your position and provide you with feedback afterwards.

Making an appointment

The next step is a meeting at our office or online, where you can learn more about the team and our work culture from a Spyrosoft manager and/or partner.

Getting the answer

At Spyrosoft, we contact every person participating in the recruitment process. Upon acceptance, we will provide a list of the next steps.

Meet the recruiter


Building a new team is a puzzle, there’s no room for mistakes.

Aleksandra Surminska

Senior Recruitment Specialist


A submitted application is the very beginning of your adventure at Spyrosoft. We support you at every stage.

Paulina Darnowska

Senior Recruitment Specialist


CONTACT OUR RECRUITMENT TEAM

Apply for Information Security Officer (Compliance Assurance)

If this offer seems to be perfect for you, don't wait: send us your CV.

    Please note that we accept PDF, .doc, .docx or .odt format only.

    By agreeing to one of the following statements, I confirm that I provide my data voluntarily and accept the information contained in the Communication.
    At the same time, I declare that I voluntarily provide my personal data and I acknowledge that the Controller of my personal data is Spyrosoft S.A. with its registered office in Wrocław, Plac Nowy Targ 28, the recipients of my data can be companies related with the Data Controller: in particular:
    a) dominant companies within the meaning of art. 4 § 1 point 4 of the Commercial Companies Code of 15 September 2000,
    b) affiliated companies within the meaning of art. provisions of the Commercial Companies Code of 15 September 2000,
    c) companies associated personally with the Administrator, i.e. those in which persons discharging functions in the Administrator's bodies hold at least 20% of votes or shares,
    as well as the Customers of these companies or the entities providing services in favour of the Data Controller who may act as data controllers and processors and my personal data shall be processed pursuant to the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, pursuant to Art. 6 (1) (a) of this Regulation, during the period not exceeding 6 months

    At the same time, I acknowledge that I have the right to access and rectify my personal data, its erasure, limitation of processing, the right to object to the processing of data, the right to transfer data, the right to withdraw the consent at any time (without impact on the lawfulness of the processing carried out before the withdrawal), as well as the right to lodge a complaint to a supervisory body. Withdrawal of the consent and willingness to exercise other rights can be reported via e-mail: rodo@spyro-soft.com or by post to the following address: Spyrosoft S.A., Plac Nowy Targ 28, 50-141 Wrocław.

    I acknowledge that personal data is not subject to the automated decision making, including profiling.