Senior Information Security Specialist

Poland · Job Posted May 27, 2026

Job Description

SmartRecruiters is looking for a Senior Information Security Specialist to join the Governance, Risk & Compliance (GRC) team. This role is critical to ensuring that SmartRecruiters' applications, systems, and processes remain compliant with industry standards and regulatory requirements, including ISO 27001, ISO 22301, ISO 42001, SOC 2 Type II, Cyber Essentials, GDPR, and the EU AI Act. The successful candidate will combine strong GRC expertise with a technical, engineering mindset - someone who can drive compliance programmes across multiple frameworks while also stepping into complex technical topics such as business continuity, AI security, and cloud compliance. Critically, this is not a purely audit-focused role; we need someone who can dig into technical details, assess security architectures, support forensic investigations, build automation to replace manual processes, and provide hands-on guidance to engineering and security teams. A core part of this role is identifying opportunities to engineer scalable, repeatable solutions, from compliance evidence collection to policy enforcement, rather than relying on manual effort.

Job Responsibility

  • Identify manual, repetitive GRC processes and design automation blueprints to streamline them, including evidence collection, control monitoring, access reviews, policy enforcement checks, and compliance reporting
  • Build and maintain automated workflows using compliance platforms, scripting, or integration tools to reduce manual effort and improve audit-readiness
  • Develop reusable templates, playbooks, and standardised blueprints for recurring GRC activities (e.g., vendor assessments, internal audits, risk reviews) to ensure consistency and scalability
  • Collaborate with engineering and IT teams to integrate security and compliance checks into existing toolchains and CI/CD pipelines where applicable
  • Continuously evaluate and improve GRC tooling, data flows, and reporting to drive operational efficiency across the team
  • Manage stakeholder expectations and partner with internal teams to ensure effective management of IT risks and compliance obligations
  • Maintain regional and local stakeholder relationships, meeting schedules, minutes, and reports
  • Support the maintenance of the SOC 2 Type II framework, including evidence collection, control testing coordination, and audit support
  • Effectively manage ISO 27001 and ISO 22301 audit lifecycles and coordinate with stakeholders on ISMS and BCMS improvements
  • Support the maintenance and continuous improvement of the ISO 42001 (AI Management System) framework in alignment with the EU AI Act
  • Support vendor risk management activities, including third-party security assessments and due diligence reviews
  • Serve as a subject matter expert or key contributor for the Business Continuity Management System (BCMS), supporting the strategy, framework, and audit programme under ISO 22301
  • Support Business Impact Analysis (BIA), BCP/DRP development, recovery exercises, and continuity metrics management
  • Support AI security and compliance activities, including the assessment of AI-related risks, alignment with ISO 42001 controls, and regulatory readiness under the EU AI Act
  • Collaborate with product and engineering teams to evaluate security controls for AI/ML features and services

Requirements

  • 5+ years of experience in information security, governance, risk, and/or compliance roles with a technical orientation
  • Demonstrated compliance or auditing experience with at least one major framework
  • Hands-on experience with incident response - including participation in security incident investigations, containment, and post-mortem processes
  • Solid understanding of controls auditing principles and evidence management
  • Technical understanding of cloud infrastructure (AWS preferred), networking fundamentals, identity management, and SaaS security architectures
  • Knowledge of risk management methodologies and experience conducting or supporting risk assessments
  • Ability to manage and deliver on multiple complex projects simultaneously, with minimal supervision
  • The ability to investigate, question, and interpret internal and external IT security and compliance issues at both a governance and technical level
  • A strong understanding of technology, cloud-based products, and SaaS environments
  • Experience working across business units and geographical boundaries to engage engineering, business, and operational teams
  • Experience with ISO 27001
  • Excellent written and verbal communication skills in English

Nice to have

  • Professional certifications such as CISA, CRISC, CISM, CISSP, CCSK, CCSP, or equivalent
  • Experience with ISO 9001, 27017, and 27018
  • Experience with ISO 22301 (Business Continuity), including BIA, BCP/DRP, and recovery testing
  • Experience with BSI C5 (Cloud Computing Compliance Criteria Catalogue) or similar cloud-specific compliance frameworks
  • Knowledge of AI security principles, experience with ISO 42001, or familiarity with the EU AI Act and its technical requirements
  • Experience with enterprise risk management frameworks and tools
  • Understanding of threat modelling methodologies and secure development lifecycle (SDLC) principles

Similar Jobs for Senior Information Security Specialist

8 matching positions

Senior Information Security Specialist

As a Senior Information Security Specialist, you will play a critical role in pr...
Location: United States, Clarksburg
Salary: Not provided
Company: Innovative Management & Technology Services (imts.us)
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience
  • Minimum 7 years of experience in information security, IT risk management, or related roles, preferably in federal or state government environments
  • Strong knowledge of federal cybersecurity frameworks including NIST SP 800-53, OWASP Top 10, DISA STIGs, and Common Criteria
  • Hands-on experience with networking concepts, system administration, and software development practices
  • Proficiency in using Splunk or comparable SIEM tools for security event monitoring, audit log analysis, and incident response
  • Experience working within Agile or Scaled Agile Framework (SAFe) teams and integrating security in fast-paced development environments
  • Excellent communication skills with the ability to convey complex security concepts to technical and non-technical audiences
  • Active Top Secret clearance is required
  • U.S. Citizenship is required
Job Responsibility
  • Lead comprehensive reviews of management, operational, personnel, and technical security controls to verify their effectiveness during all phases of the system lifecycle
  • Identify, evaluate, and mitigate technical and operational security risks, threats, vulnerabilities, and weaknesses across diverse information systems
  • Drive compliance efforts with government standards and industry best practices, including NIST, OWASP, Common Criteria, DISA, and SANS Institute guidelines
  • Collaborate within Agile development teams to integrate security throughout the software development lifecycle, supporting secure design, testing, and deployment
  • Utilize hands-on expertise in networking, system administration, and software development to analyze security impacts and recommend improvements
  • Oversee audit log reviews and system alerting using Splunk or similar SIEM platforms to detect, investigate, and respond to security incidents
  • Communicate security findings clearly and effectively to technical teams and leadership, fostering a culture of security awareness and continuous improvement
What we offer
  • competitive compensation
  • excellent benefits including tuition reimbursement and employer-contributed 401K
  • referral bonuses
  • Fulltime

Senior Information Security Specialist

As a Senior Information Security Specialist, you will play a critical role in sa...
Location: United States, Clarksburg
Salary: Not provided
Company: Innovative Management & Technology Services (imts.us)
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent professional experience)
  • Minimum 7 years of experience in information security, IT risk management, or cybersecurity compliance, preferably in a federal or state agency environment
  • Demonstrated experience applying and interpreting NIST 800-53, OWASP, and DISA STIGs in real-world projects
  • Strong hands-on technical background in networking, system administration, or software development
  • Proficiency with SIEM tools—especially Splunk—for event correlation, alerting, and compliance reporting
  • Familiarity with Agile development environments and DevSecOps principles
  • Strong written and verbal communication skills, with the ability to create reports and briefings for technical and non-technical stakeholders
  • Active Top Secret clearance is required
  • U.S. Citizenship is required
Job Responsibility
  • Lead comprehensive reviews of management, operational, personnel, and technical controls throughout the system development lifecycle (SDLC)
  • Identify and assess emerging security risks, weaknesses, and vulnerabilities associated with infrastructure, applications, and operations
  • Collaborate with developers and engineers to ensure identified risks are mitigated and documented effectively
  • Ensure compliance with federal and industry security standards including NIST SP 800-53, OWASP Top 10, Common Criteria, DISA STIGs, and SANS Institute recommendations
  • Support and contribute to Authorization to Operate (ATO) packages, including preparation of SSPs, POA&Ms, and continuous monitoring (ConMon) artifacts
  • Advise on policy alignment and security architecture improvements to support secure Agile delivery
  • Apply technical knowledge of networking, system administration, and development to assess the security posture of enterprise environments
  • Utilize Splunk to perform audit log analysis, generate system alerts, and support threat hunting and incident response activities
  • Recommend and implement automated logging, monitoring, and security reporting processes
  • Engage proactively with Agile development teams, product owners, and ISSOs to embed security into project planning and delivery
What we offer
  • competitive compensation
  • excellent benefits including tuition reimbursement and employer-contributed 401K
  • referral bonuses
  • Fulltime

Information Security Senior Specialist

The Cyber Defense & Incident Responder is responsible for monitoring, analyzing,...
Location: United States, Merrifield
Salary: Not provided
Company: NTT DATA (nttdata.com)
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in information technology, cybersecurity, data science, information systems, or computer science
  • Education Equivalency: One-and-one-half (1.5) years of additional experience can substitute for one (1) year of a typical degree program
  • Minimum 6 years of experience in Information Technology (IT) and/or Information Security (IS)
  • DoD 8140 certification for their respective area or the ability to obtain certification within six (6) months of onboarding
  • Ability to obtain an interim Secret Security Clearance and must be eligible for a Top-Secret clearance if requested
Job Responsibility
  • Monitor enterprise security systems and analyze alerts to identify potential cybersecurity incidents
  • Perform initial triage and analysis of security events to determine scope, severity, and urgency
  • Execute incident response actions in accordance with established procedures
  • Document and communicate incident findings to support resolution and improvement efforts
  • Maintain SOC processes, tools, and playbooks to ensure effective incident handling
  • Participate in training, exercises, and knowledge-sharing to strengthen response readiness
  • Stay informed on current and emerging cyber threats relevant to the organization’s environment

Information Security Senior Specialist

The Information Security Senior Specialist role involves analyzing security requ...
Location: Brazil, Sao Paulo; Itaqui; Itapevi
Salary: Not provided
Company: NTT DATA (nttdata.com)
Expiration Date: Until further notice
Requirements
  • Deep knowledge of GPO and AD
  • Fortigate firewall configuration
  • Fortigate firewall knowledge
  • Hands on
  • Implement remediation needed
  • Knowledge of Crowdstrike
  • Knowledge of Qualys
  • Knowledge of RSA MFA application
  • Knowledge of traffic analysis techniques
  • Knowledge of traffic routes and protocols
Job Responsibility
  • Gather and analyze requirements (system, capabilities, users, roles, processes, and data) and document them in customer-accepted formats/templates
  • Collaborate with team members and participate in designing optimum solution for the signed off requirements
  • Receive demands related to information security and apply them in the computing environment
  • Fulltime

Senior Business Information Security Specialist

The InfoSec team at JET is scaling its security partnership and vendor assurance...
Location: United Kingdom
Salary: Not provided
Company: Just Eat Takeaway.com (justeattakeaway.com)
Expiration Date: Until further notice
Requirements
  • Demonstrated ability to execute security risk assessments and vendor reviews end-to-end, including evidence collection, gap analysis, and documented findings
  • Working knowledge of security frameworks such as NIST CSF, ISO 27001, or CIS Controls applied in a product or engineering context
  • Ability to communicate security risk clearly to both technical and non-technical audiences, without defaulting to jargon or compliance-speak
  • Familiarity with GRC concepts including risk management, controls design, and third-party assurance, gained through hands-on practice rather than solely policy work
  • Comfort working across multiple teams and geographies in a fast-moving environment, managing competing priorities without losing accuracy or rigour
Job Responsibility
  • Execute vendor security assessments by collecting, analysing, and documenting supplier control evidence, audit reports, and risk findings against defined frameworks including ISO 27001 and NIST CSF
  • Identify and document third-party security risks, recommending proportionate risk treatment options aligned to JET's risk appetite
  • Support threat modelling, secure design reviews, risk remediation recommendations and early-stage risk assessments alongside engineering teams as part of the secure development lifecycle
  • Translate security findings into clear, business-aligned risk language for product and stakeholders, reducing reliance on technical jargon
  • Maintain accurate risk registers, vendor assessment records, and reporting inputs that feed into executive-level risk dashboards
  • Build working relationships with business and technology teams across multiple markets, acting as a visible and trusted point of contact for security guidance
  • Fulltime

Senior Information Security GRC Specialist

The Senior Information Security GRC Specialist is responsible for enhancing the ...
Location: Saudi Arabia
Salary: Not provided
Company: NTT DATA (nttdata.com)
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in Information Technology or Computer Science
  • Certifications like CISA and CRISC
  • At least 5 years of experience in information security
  • Strong communication skills
Job Responsibility
  • Enhancing the organization's information security program through risk assessments, compliance management, and policy development
What we offer
  • Access to various wellness initiatives and health benefits tailored to individual needs
  • Competitive leave policies for vacations, illness, recovery or significant life events
  • Competitive salary plus a bonus or commission plan
  • Access to unrestricted courses, learning programs and professional certifications
  • Active mentorship program
  • World-class career platform
  • Fulltime

Senior Information Security GRC Specialist

Join a leading company as a Senior Information Security GRC Specialist, where yo...
Location: Saudi Arabia
Salary: Not provided
Company: NTT DATA (nttdata.com)
Expiration Date: Until further notice
Requirements
  • Strong knowledge and experience with NCA regulations
  • Strong experience in Essential Cybersecurity Controls (ECC)
  • Advanced understanding of information security frameworks and standards
  • Advanced proficiency in conducting risk assessments, analyzing security controls, and policy management
  • Excellent communication and interpersonal skills for collaborating with various stakeholders
  • Strong project management skills for handling security initiatives
  • Advanced familiarity with legal and compliance aspects related to information security
  • Bachelor’s degree or equivalent in Information Technology, Computer Science, or a related field
  • Security certifications such as CISA, CRISC, COBIT, IIA or equivalent preferred
  • Certifications such as Lead audit/Implementer - ISO 27001, SOC TSP preferred
Job Responsibility
  • Leads risk assessments and gap analyses to identify vulnerabilities and recommends risk mitigation strategies
  • Develops and maintains security policies, standards, and procedures
  • Collaborates with legal and compliance teams to ensure adherence to regulatory requirements
  • Provides guidance and support to junior GRC team members
  • Assists in the creation and delivery of security awareness and training programs
  • Participates in security incident response activities as needed
  • Contributes to the continuous improvement of the information security program
  • Assists in policy management and refinement
  • Performs any other related task as required
  • Closing gaps on key findings during internal audits and evidence validation
What we offer
  • Flexible, hybrid working model
  • Access to various wellness initiatives and health benefits tailored to individual needs
  • Competitive leave policies
  • Competitive salary plus a bonus or commission plan
  • Access to unrestricted courses, learning programs and professional certifications
  • Active mentorship program
  • World-class career platform
  • Fulltime

Information Security Technology Senior Specialist

The Infrastructure Information Security Review Process (I-ISRP) Team sits in CIS...
Location: India, Pune
Salary: Not provided
Company: Citi (https://www.citi.com/)
Expiration Date: Until further notice
Requirements
  • 5-7 years working in an Information Technology related field
  • At least 2 years of experience in an Information Security field
  • Degree in a technology related discipline is strongly preferred
  • CISSP, CISA, CISM or equivalent exam, or commitment to obtain it in the near future
  • Experience with Unix-based systems
  • Knowledge of computer networking concepts
  • Familiarity with cloud-based technologies
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven analytical skills
  • Ability to work and make decisions independently
Job Responsibility
  • Perform the information security review of infrastructure products and verify their compliance to the Citi Information Security Standards (CISS)
  • Take ownership of the IS certification of certain products and solutions, advising clients and making security decisions on products and solutions to be released into Citi production environment
  • Evaluate the security and compliance of the products by reviewing documentation and by hands-on testing
  • Document any findings, security breaches and non-compliant items
  • Assess risks of identified gaps, advise clients and partners on the feasibility of addressing them
  • Presenting results of an IS review, defending key points towards even senior clients, while remaining helpful, flexible and open to good solutions
  • Execute strict quality control measures into all processes to consistently meet standards
  • Generate metrics and ensure productivity to guarantee Service Level Agreements (SLAs) and client expectations are met
  • Support Technical Information Security Officers in their work for remediating any non-compliant items
  • Embracing new technologies, actively seeking out opportunities for improving efficiency of the Information Security Review Process and seek out possibilities for implementing automation for any manual efforts
  • Fulltime