Information Security Specialist
Poland
Silent Eight
At Silent Eight, we develop our own AI-based products to combat financial crimes that enable things like money laundering, the financing of terrorism, and systemic corruption. We’re a leading RegTech firm working with large international financial institutions such as Standard Chartered Bank and HSBC. Join us and help make the world a safer place!
Summary:
This position plays a crucial role in developing and maintaining strategic information security plans and risk management across the organisation. As a member of the GRC (Governance, Risk, Compliance) team, you will work with key stakeholders across the business, including C-suite, department representatives and our customers and suppliers. This is not a behind-the-scenes role; we are looking for someone who will help lead the implementation of an information security program and have a significant impact on setting the security strategy across the business.
Responsibilities:
- Contribute to the development of security assessments and training programs to improve risk culture (e.g. third-party security risk assessments, service/cloud assessments, security awareness and end-user training)
- Work towards minimising Shadow IT by ensuring measurement and evaluation of user adoption for global information protection measures and that any new requirements for such measures are met through collaboration with relevant functions and business units
- Plan, develop and maintain an ISMS (Information Security Management System)
- Work towards and guarantee continued compliance with ISO27001 standards
- Support our legal and sales teams in responding to information security requests from prospective customers and information security aspects during contract negotiations
- Monitor the threat landscape, key risk indicators and critical controls to ensure that changes in the risk picture are captured and reported in a timely manner
- Provide risk metrics and performance data to support the central reporting of overall cyber risk posture
- Support the development of information assets inventory and vulnerability management program to ensure the assets and related threats are identified and remediated
- Write and assist in the review and approval of security-related documentation and support execution/follow-up of IT audits
- Collaborate with the IT team on the DLP rule development lifecycle, including policy development, response rules, and maintenance
Required Qualifications:
- Minimum 3 years of security-related work experience
- Experience in technology risk management with practical knowledge in designing, implementing, and testing controls in an international, fast-paced organisation
- In-depth familiarity with the ISO 27001:2013 and SOC2 standards
- Ability to maintain an Information Security Management System and oversee Security Awareness Programs
- Experience in conducting on-site audits and managing the entire lifecycle for risk treatment and corrective action plans
- Excellent English verbal and written communication skills
- Proactive, independent, and pragmatic team player with a high level of commitment and performance orientation
Preferred Qualifications:
- Formal information security certifications or qualifications (e.g. BSc or MSc in Information Security, CISSP, CISM, CRISC, ISO27001 Lead Implementer/Auditor)
- Knowledge of international compliance laws, rules, regulations, and risks
- Understanding of cloud-native and CI/CD environments, with the corresponding IAM and DLP solutions
- Experience managing multiple objectives, schedules, and deliverables
Salary:
Gross/Month B2B
11 000 – 16 000
Depending on experience
Our culture
You will be co-creating our business solutions
We believe that your feedback allows us to create the best solutions as well as an adjusted work culture. You will have a real impact on the growth of the company and the product we develop.
Experienced team
We aren’t your run-of-the-mill tech start-up. At Silent Eight, everyone is a leader in their own field with perspective and experience shared across teams and departments.
Development-centric
Because learning never ends, we empower our employees to invest in themselves. We provide a range of resources such as paid Development Days, in-house training, lunch-and-learns, etc. to make sure our employees are continuing to grow each day.
Team building events
We know that our success is only possible if we work together as a team. We are a group of passionate individuals united by a common mission. Therefore we like to meet together regularly to connect not just as coworkers, but as human beings, whether it’s at an offsite in Dubai or a weekly “Tea Time” to catch up.
100% remote work forever
We are not new to working remotely. In fact, we’ve been doing it since 2013 and we know how to make you feel supported, connected, and included. We believe that the freedom to choose where you work from is important to finding the journey that is right for you.
Don’t wait! Join our team today!
Silent Eight is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or other classification protected by applicable federal, state or local law.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰