Information Security Specialist

The Information Security Specialist is responsible for executing and supervising group-wide IT security initiatives and ensuring that security requirements are implemented across our systems, partners, and projects. In this role, you will coordinate and drive the implementation of our security roadmap, supporting the development of business requirements, technical specifications, and security assessments.

You will independently conduct security audits of our partners and service providers, identifying risks and proposing pragmatic solutions to protect our data and systems.

Responsibilities

• Implement and Maintain Security Policies

  • Ensure compliance with SG Group standards by regularly reviewing and updating security policies, procedures, and documentation.

• Risk Assessment and Management

  • Identify potential security risks and manage vulnerabilities across systems and processes.

• Security Monitoring and Incident Response

  • Respond to security incidents, conduct root cause analysis, and implement corrective and preventive actions.

• Compliance and Audit Support

  • Perform and support internal and external audits related to information security.

• Training and Awareness

  • Promote security awareness across the organization.

  • Provide guidance and training on SGIP policies and security best practices.

• Collaboration and Stakeholder Engagement

  • Work closely with business units to understand operational needs and integrate security requirements into processes and projects.

  • Collaborate with the ASSU security team to align standards and share best practices.

  • Cooperate with technical teams (infrastructure, application) to implement secure configurations and remediate vulnerabilities.

• IT Continuity and Resilience

  • Support the development and maintenance of IT continuity plans aligned with SG Group and business continuity expectations.

  • Coordinate IT continuity tests and exercises to validate recovery capabilities.

Our requirements

• Higher education degree.

• Fluent English (Polish optional).

• Minimum 3 years of experience in similar responsibilities, enabling you to contribute effectively from day one.

• Practical experience with ISO 27001, penetration testing, security audits, and related security frameworks.

• Certifications such as CISM, CISSP or similar are a plus. If you do not hold one yet, you should have the ambition and commitment to obtain it.

• Interest in understanding not only technology but also the business context of our systems. Experience in the financial sector is welcome but not required.

• High level of autonomy, ability to take initiative, prioritize and organize work effectively.

• Strong communication and analytical skills.

• Intercultural competency and a collaborative, team‑oriented mindset.

• Positive, proactive, and solution‑oriented attitude.

What we offer

• Work in a multicultural environment within a professional and supportive team,

• Opportunities for training and professional development within an international financial group,

• Competitive salary

• Friendly work culture,

• Package of benefits

  
  

Benefits

• Additional days off (1 day after 1 year, 3 days after 3 years, 4 days after 5 years, 5 days after 10 years; 16 hours annually for charity work; company closure on May 2nd and December 31st)

• Lunch pass

• Co‑funded sports card

• Private medical care

• Co‑funded professional training & courses

• Life insurance

• Integration events

• No dress code