About the role

As our business continues to grow, so does the need to strengthen and continuously improve our security practices across the organisation. In this role, you will support the development, implementation, and maintenance of information security processes that help protect both our company and our customers’ data.

You will:

• Maintain risk management processes within the ISMS

• Support the development and maintenance of security documentation

• Maintain and improve the Information Security Management System (ISMS)

• Implement relevant risk controls in cooperation with internal teams

• Support the preparation for and completion of external audits

• Process customer security-related requests and questionnaires

• Review information security assessments for new vendors

• Contribute to security awareness and education initiatives

• Manage communication related to security controls and practices

You should have a solid understanding of information security principles and a reasonably strong technical foundation to understand threats, risks, and mitigation strategies related to operating a trusted cloud service. You are also comfortable working with regulatory and legal requirements and understand the difference between risk management and risk avoidance.

About you

Must-haves:

• At least 1 year of experience or degree in cybersecurity or governance, risk and compliance (GRC) in a technology company

• Effective communication skills (oral and written) at all levels of the organization

• Ability to systematize data and offer effective solutions in conditions of limited time

• Understanding of Risk Analysis and Compliance approach

• Sufficient technical foundation to understand larger internet-based systems

• Strong sense of ownership and ability to remain composed in dynamic environments

• Team-oriented mindset with the ability to build positive working relationships

• Understanding of information security frameworks and standards, especially ISO 27001 standard

• Good knowledge of Project/Product IT lifecycle

• Task-oriented approach

Nice-to-haves:

• Experience bridging policy and implementation

• Experience with various security certifications implementation within the organization

• Eager to learn, develop in the subject, open to new challenges

About us

Our platform provides customers with an immutable, historical archive of their data in systems such as Microsoft 365, Google Workspace, Salesforce, Entra ID, Dynamics 365, and Zendesk.

We protect our customers against everything, ranging from ransomware to simple accidents.

The majority of our back-end components are written in clean, modern C++ using mainly purpose-built components. Components responsible for business processes and data mining are built using Common Lisp. Everything runs on Linux.

We pride ourselves on backing up billions of objects over foreign APIs using imperfect networks on systems with finite memory and making it all happen in a performant, reliable, and predictable way.

As we collaborate across locations, English is our primary language. Please submit your CV in English to support the review process.

We offer:

• Official employment – Umowa o pracę contract

• 4 additional working days of vacation leave per full calendar year 

• 3 days of internal sick leave without a doctor`s note 

• Health and Life Insurance

• Employee Capital Plan (PPK)  

• Multisport card compensation  

• Coverage of professional training sessions, meetups, etc.

• English-speaking club with native speakers 

• Polish language classes

• Internet and Glasses reimbursement

• Cosy office in Krakow city centre (Długa, 72) with beverages, fruit, and cookies 

• Winter and summer parties, events, team-buildings 

We kindly ask you not to provide us with any sensitive categories of personal data when applying for a job with us. When applying for the vacancy, Keepit will process your personal data, and therefore we recommend that you also read our privacy policy, which describes our processing of personal data and your rights as a data subject.

If you notice any misconduct or irregularities that fall within the scope of our whistleblowing procedure, please click here to report them.