📍 Poland
💸 14700.0 - 25000.0 PLN per month
🔍 Software Development
- 5+ years of experience working in information security risk and/or compliance roles.
- Knowledge of common Information Security frameworks such as CIS, ISO 27001 & SOC 2
- Prior experience with cloud-based security tools, technologies, and controls is a plus (e.g., Amazon AWS, Azure, Heroku, GCP)
- Work on the coordination and facilitation of Appfire’s security governance goals and initiatives
- Support our sales channels regarding prospect and customer security questions, assessments, and audits, including speaking to technical controls and their alternatives and appropriate risk mitigation.
- Conduct assessments related to vendor risk management and follow up on associated findings.
- Provide support and act as key stakeholder and lead of regulatory and compliance initiatives (e.g. ISO 27001, SOC2, GDPR, etc.).
- Identify, document, and track information security policy-related non-conformities and assist in developing and monitoring corrective action plans.
- Assist in identifying & tracking information security risks, assessing impact, and tracking the execution of mitigation plans.
- Assist in tracking information security risk acceptances and exceptions and monitoring the execution of remediation plans.
- Track and ensure adequate and timely resolution to all audit and risk assessment findings/issues relating to information security.
- Assist in the monitoring of business continuity (BC) and disaster recovery (DR) planning and testing.
- Develop control key performance indicators (KPI) to ensure compliance-related controls are operating to an acceptable tolerance level.
- Perform periodic compliance checks across the Appfire organization and develop and define associated metrics to allow clear visibility into Appfire governance, risk, and compliance status
- Work on the coordination and execution of integration plans for Appfire acquisitions.
- Moderate the annual review and update of information security related policies and processes.
- Participate in and manage annual security awareness campaigns.
- Evaluate and recommend GRC related technologies and solutions for future implementation.
- Handle sensitive and/or confidential material and information with suitable discretion
AWS, Project Management, Cloud Computing, Cybersecurity, Jira, Communication Skills, Analytical Skills, Microsoft Office, RESTful APIs, Compliance, Problem-solving skills, Risk Management, Confluence
Posted 19 days ago