Original description
## Information Security & Compliance Lead (m/f/d)
###### Permanent employee, Full-time · Poland
---
##### Your mission
We are seeking an experienced **Information Security & Compliance Lead** to take ownership of our organization’s security governance, risk, and compliance programs. This role is critical in **maintaining our ISO 27001 certification**, strengthening our security posture, and ensuring regulatory compliance across all business functions. The ideal candidate will drive a culture of security and collaborate closely with internal stakeholders, control owners, and external partners to uphold robust security standards.
* Maintain and continuously improve the **ISO 27001 Information Security Management System (ISMS)**.
* Collaborate with **control owners** to ensure timely and effective implementation of technical and organizational controls.
* Lead and conduct **internal audits**, coordinate external audits, and manage audit findings to closure.
* Drive and maintain a **risk management process**, including risk identification, assessment, treatment, and reporting.
* Own and update **security policies, procedures, and awareness programs** across the organization.
* Conduct **vendor and third-party security assessments** (including DPAs and security questionnaires).
* Prepare and deliver **risk and compliance reports** for the Head of IT and the Board of Directors.
* Monitor changes in relevant laws and regulations (e.g., GDPR, NIS2) and adjust practices accordingly.
* Support **incident response** planning and exercises in cooperation with technical teams.
* Collaborate with IT, Legal, HR, and other functions to ensure alignment on compliance requirements and initiatives.
##### Your profile
* Proven experience (3+ years) in Information Security, Risk, or Compliance roles.
* In-depth knowledge of the **ISO 27001** standard and its certification process.
* Experience conducting **internal audits** and managing external audits.
* Familiarity with frameworks such as **NIST, CIS, ITIL, or COBIT**.
* Strong understanding of **risk management principles**, data protection (e.g., GDPR), and regulatory compliance.
* Excellent communication skills, with the ability to present to senior management and non-technical stakeholders.
* Ability to work independently, influence others, and drive cross-functional initiatives.
* Experience with **GRC tools**, vendor assessment platforms, or audit management tools is a plus.
Relevant certifications such as **CISM, CISSP, ISO 27001 Lead Implementer/Auditor**, or similar are preferred.
##### Why us?
* A diverse working environment in which you can contribute your own ideas and potential in the long term.
* Intensive induction and opportunities for your professional and personal development in our in-house training center, as well as support from a mentor.
* Flat hierarchies and an open corporate culture that values teamwork and fun at work.
* Flexible trust-based working hours with mobile office options and an attractive salary package including standard benefits (MultiSport, LuxMed, life insurance, etc.).
* If you're in the office, we enrich everyday working life with coffee, drinks, company parties and team events.