Information Systems Security Manager

Nasze wymagania: Bachelor's degree in Information Security, Computer Science, or a related field; advanced degree or relevant certifications (e.g., CISSP, CISM, CISA) are a plus. Proven experience (min 5 years) in information security, with a focus on security strategy, governance, operations, and compliance. Strong understanding of security frameworks, standards, and best practices (e.g., NIST Cybersecurity Framework, CIS Controls, OWASP Top 10). Experience in leading and managing cross-functional security teams in a dynamic and fast-paced environment EU citizenship. Fluent English: B2/C1. Being open to occasional business trips abroad and visits in our office in Katowice. Mile widziane: Clerance O projekcie: We are looking for Information Systems Security Manager to join Sopra Steria Polska and one of our innovative international squads located in Luxembourg and Poland. You will be responsible for providing leadership and direction to our security team within the consortium matrixial organization. Your primary focus will be on ensuring the security and integrity of our IT infrastructure, systems, and data. You will lead the Security Office, driving the development, standardization and implementation of securi-ty policies, practices, and controls aligned with industry standards and regulatory requirements. Collabo-rating closely with cross-functional teams across squads, you will integrate security into all aspects of our operations and development lifecycle Note that we can only offer cooperation to people who are located in Poland and have EU citizenship. Zakres obowiązków: Develop and maintain the security strategy and roadmap for the consortium organization, in alignment with business objectives, regulatory requirements, and industry best practices. Use your mandatory Project Management skills to organize the Security Office team to ensure smooth delivery and process-based relationship with technical squads. Establish and enforce security policies, standards, and procedures across squads and chapters, ensuring compliance with relevant laws, regulations, and contractual obligations. Provide strategic guidance and recommendations to senior leadership and the Security Office on the organization's security posture and risk management. Define and maintain the security architecture and design principles for IT systems, applications, and infrastructure, incorporating security-by-design principles into development processes. Collaborate with architecture and engineering teams to evaluate, select, and implement security technologies, tools, and solutions to mitigate risks and enhance security posture. Conduct security architecture reviews, assessments, and audits of systems and applications, identifying vulnerabilities and recommending remediation measures. Develop and deliver security awareness and training programs for employees, contractors, and stakeholders, promoting a culture of security awareness and compliance. Provide guidance and support to squads and chapters on security best practices, secure coding principles, and threat mitigation techniques. Monitor and measure the effectiveness of security awareness and training initiatives, adjusting strategies as needed to address evolving threats and risks. Collaborate with internal audit, compliance, and legal teams to ensure adherence to security requirements and contractual obligations. Maintain security documentation, evidence, and artifacts to demonstrate compliance with security standards and regulations. Lead the Security Incident Response Team (SIRT), coordinating efforts to investigate and mitigate security incidents in a timely and effective manner. Develop and maintain incident response plans, playbooks, and procedures, conduct regular tabletop exercises and simulations to test and improve response capabilities. Security Governance, Risk Management, Security Architecture, SIEM/SOAR, Vulnerability Management, Incident Response, Secure SDLC, Security-by-Design, Threat Modeling, Security Awareness Programs. Oferujemy: BENEFITS (UoP): Luxmed, Medicover Sport, Worksmile, educational platforms, languages learning platform, referral bonus, life insurance, workation DEVELOPMENT OPPORTUNITIES (UoP and B2B): certifications (paid by the company), conferences, Tech Lunches, possibility to join our Communities (Project Management, Architecture, Security, Process Management, Leadership, AI and Cloud)