HireRight Poland Sp. z o.o.
- Uniwersytecka 18, Katowice, Silesian
- contract of employment
- specialist (Mid / Regular)
- remote recruitment
Act as a risk evangelist who can communicate the importance of risk management objectives and create buy-in and participation throughout all levels of stakeholders.
Partner with internal stakeholders across all business groups to support GRC related initiatives and communicate back to stakeholders.
Perform risk assessment, analysis, monitoring, and reporting.
Ensure that the information security risk management program adheres to industry, government, and organizational standards.
Schedule and perform risk assessments using a defined methodology to identify, document, and communicate control deficiencies in business processes and technology systems.
Partner with the business and technology to socialize security risk findings identified through the risk assessment (e.g., vendor, application, infrastructure).
Provide risk remediation recommendations that the stakeholders may implement to mitigate identified control gaps and assist with the remediation when possible.
Maintain the risk register through collaborative assignment and prioritization.
• High School diploma or GED required
• Bachelor’s degree in computer science, management, IT or related field, or combination of adequate education and work experience.
• Prior experience conducting internal and external risk assessments and providing guidance to functional teams with the implementation, monitoring, and reporting of control processes, documentation, and compliance measures and / or remediation items
• Experience attaining and maintaining ISO 27001, SOC2 Type II, PCI DSS, and others
• High degree of independence and exceptional work ethic, working with or managing a small team with a solution-oriented mindset
• Familiarity with core IT and Information Security technologies
• 1-2 years of relevant experience is required.
Knowledge & Skill:
• Frameworks, Regulations, and Security Control sets: NIST Cybersecurity Framework (CSF), ISO27001, NIST 800-53, PCI-DSS, GDPR, SOX
• Security and Privacy controls testing experience
• Certifications or other specialized training (CRISC, CISA, CGEIT, GCIH, CIPP/X)
• General IT knowledge (architecture, networking, operations)
• Threat modeling (STRIDE/PASTA/TRIKE) / MITRE ATT&CK familiarity
• Ability to synthesize complex data, produce appropriate outcomes, and convey information designed for relevant audiences
• Stakeholder and executive audience engagement and communication
• Worked with common business processes and cross-departmental projects
• Working familiarity with BCP/DR programs, Privacy, and Physical Security
• Exceptional interpersonal, written, and oral communication skills
• Preferred: ISO27001/LI and/or ISO27001/LA
What we offer
Career Path & Opportunities to Grow
Private Medical Care
Paid Lunch Break (30 Minutes)
Social Fund (Holiday Allowance, Glasses Voucher)
Group Life Insurance
Football & Running Teams
HireRight Poland Sp. z o.o.
HireRight is the premier global background screening and workforce solutions provider. We bring clarity and confidence to vetting and hiring decisions through integrated, tailored solutions, driving a higher standard of accuracy in everything we do. Combining in-house talent, personalized services, and proprietary technology, we ensure the best candidate experience possible. NAPBS accredited and based in Irvine, CA, we offer expertise from our regional centers across 200 countries and territories in The Americas, Europe, Asia, and the Middle East. Our commitment to get it right every time, everywhere, makes us the trusted partner of businesses and organizations worldwide.
HireRight Katowice received a Manpower ‘Friendly Work Environment’ award.
For more information about our company and Katowice office, please be sure to visit us on Facebook: https://www.facebook.com/hirerightPL/
HireRight is an Equal Opportunity Employer
This role is based in London, UK as an ISMS analyst, reporting to the Sr. Manager, Governance Risk & Compliance (GRC). The analyst will assist in the management and reporting of all aspects of information security risk management, third-party vendor management, and operational monitoring to ensure that the organization's information security risks are well documented, issues are identified, and remediation plans are formalized in a timely fashion.