Security Risk Officer

Warszawa, Poland
full-time

AI overview

Identify and manage cybersecurity risks while coordinating audits and compliance, ensuring adherence to standards like ISO 27001 and GDPR, all within a collaborative team environment.

Your daily tasks:

  • Identifying, assessing, and monitoring risks related to IT, cybersecurity, data protection, and business continuity.

  • Advising cross-functional teams on risk-aware decision-making in projects and operations.

  • Coordinating audits, security reviews, compliance checks, and data protection impact assessments (DPIAs).

  • Overseeing implementation and tracking of security, IT, and data governance controls.

  • Maintaining risk registers, control matrices, and mitigation plans.

  • Managing third-party risk through vendor assessments and reviews.

  • Ensuring compliance with relevant standards and regulations (e.g., ISO 27001, GDPR, NIST).

  • Supporting and coordinating incident response, including internal communication during critical events.

  • Leading post-incident reviews and ensuring integration of findings into risk management plans.

  • Acting as liaison between Security, IT, Legal, and Executives during high-impact incidents.

 

  • Proven experience in cybersecurity, IT governance or enterprise risk management.

  • Familiarity with security frameworks (ISO 27001, NIST CSF, SOC 2) and risk management standards (e.g. ISO 31000).

  • Understanding of security controls in cloud, endpoint, infrastructure and application environments.

  • Experience participating in or coordinating security incident response efforts.

  • Ability to assess business impact during security events and help prioritize response actions.

  • Familiarity with incident response processes, escalation paths and post-incident reviews (RCA, lessons learned).

  • Comfortable working under pressure and facilitating structured communication between stakeholders during incidents.

  • Understanding of incident lifecycle, from detection to containment, recovery and root cause analysis.

  • Excellent communication skills – ability to work across departments and present risk contextually.

  • Comfortable with documentation, controls tracking, audit evidence and policy management.

  • Solid understanding of GDPR and other data protection regulations.

  • Very good command of English.

Nice to have:

  • Professional certifications such as CRISC, CISSP, CISA, or ISO 27001 Lead Auditor.

  • Experience in conducting or supporting internal audits, risk assessments and compliance projects.

  • Ability to map risks to business processes and help define tolerances with stakeholders.

  • Participation in tabletop exercises or real-world security incident coordination.

  • Knowledge of frameworks such as NIST CSF or SANS Incident Handling.

  • Certification in incident response or cyber resilience (e.g. GCIH, ISO 27035).

  • Background in security consulting, legal tech, or regulated industries (finance, healthcare, gaming).

  • Familiarity with tools like Confluence, Jira, GRC platforms or risk dashboards.

What we can offer:

  • A wide array of benefits: private medical care, life insurance, pro-health campaigns, gifts for different occasions.
  • An outstanding work atmosphere in a highly skilled team of professionals, with flexible working hours, no dress code, and full support of the dedicated HR Business Partner.
  • Many opportunities for personal development: a dedicated development budget for each employee, two extra paid days for training and CSR, stable career paths, extensive internal and external training, and financing of English and Polish language classes.
  • State-of-the-art offices filled with chillout zones, a fully equipped kitchen, a gym (Wrocław office), and a free car park (Warsaw, limited amount of space).

Careers at Techland S.A.
