Security Senior Expert (ICT Regulatory Compliance) & Business Partner

Warsaw · Posted 1 week ago
Full-time · hybrid · senior

Job Description

IT Information Security Department, EHC · Head Office · Hybrid

Your responsibilities:

  • Act as a Group technical authority for ICT regulatory compliance (e.g. DORA, GDPR, PSD2, EBA guidelines).

  • Ensure ongoing alignment of the ISMS with legal, regulatory and contractual obligations.

  • Perform ICT compliance assessments, control effectiveness reviews and maturity evaluations.

  • Identify compliance gaps and prioritise remediation actions in cooperation with IT, Risk and Security SMEs.

  • Define, monitor and report compliance KPIs and KRIs at Group and local level.

  • Act as Security Business Partner for the local market (Poland) and single point of contact for Information Security.

  • Advise senior management on ICT and third party risk, control deficiencies and remediation plans.

  • Provide senior oversight of major ICT and cyber incidents, including escalation, regulatory notification and post incident reviews.

  • Lead interaction with local regulators and supervisory authorities on security related matters.

  • Promote a strong cybersecurity and risk aware culture within the local organisation.

Our requirements:

  • Proven experience in ICT security, technology risk and regulatory compliance within financial services.

  • Strong knowledge of DORA, GDPR, PSD2, EBA guidelines and ICT risk frameworks.

  • Hands on experience with ISMS design, implementation or oversight.

  • Ability to interpret regulatory requirements and translate them into practical controls.

  • Strong understanding of ICT, cloud, outsourcing and third party risk.

  • Experience engaging with senior management, regulators and auditors.

  • Very good spoken and written English (additional languages an advantage).

What we can offer:

  • Stable employment – 93% of people are employed under an employment contract for an indefinite period.

  • Safety – we have been on the Polish market for 29 years.

  • Friendly work environment – we have received the Top Employer award 13 times in a row.

  • Hybrid work – we usually meet in the office twice a week (Dworzec Gdański metro station).

  • Extra 3 days of paid leave – if you use all your leave in a given calendar year.

  • Private medical care with appointment guarantee service (Medicover).

  • Full onboarding under the supervision of a mentor, including a package of professional onboarding training.

  • Access to the development platform, including e-learning training, podcasts and webinars.

  • Activities supporting development in the organization, e.g. the "Effective Manager" training series for people holding managerial positions.

  • Business telephone (also for private use).

  • Access to the ProviBenefity cafeteria platform, which is supplied with a monthly amount to be used, or subsidies for your Multisport card - you choose from 5 types of cards.

  • Life insurance (UNUM Życie TUiR S.A.) on preferential terms.

  • Christmas benefits and co-financing for the "Holidays under the pear tree" holiday for you and your children.

  • Psychological support for employees, including: care of a psychologist (including children's), psychotherapist, dietician, coaching.

Department: IT Information Security Department, EHC
Locations: Head Office
Work mode: Hybrid

Security Senior Expert (ICT Regulatory Compliance) & Business Partner at Provident Polska | Renata