InfoSec Manager (GRC) – Warsaw (Permanent)
1-2 days per week on-site
Package? 25,000 Zloty per month
*Must be able to speak Polish fluently
A job for someone who actually reads regulations… and occasionally enjoys it.
Most companies say they want someone “hands‑on”. This one really means it.
Because when the regulators come knocking - DORA, PSD2, EBA, GDPR, KIP and whatever new acronym Brussels dreams up next - they won’t be asking for your manager. They’ll be asking for you.
And you’ll need to know what you’re talking about.
What you’ll actually be doing
(Instead of what job ads usually pretend you’ll be doing)
- Acting as the Security Business Partner for the local market - which is a polite way of saying you’re the one everyone calls when something looks risky, smells risky, or might become risky if someone keeps pressing the wrong button.
- Being the single point of contact for all things Security. Yes, all of them. Even the ones technically owned by other teams.
- Making sure the organisation doesn’t accidentally break any laws - especially the ones with expensive fines attached.
- Keeping the ISMS compliant across multiple brands and business divisions.
- Translating regulatory requirements into policies, standards and procedures that normal humans can follow without crying.
- Running control effectiveness reviews, maturity assessments and reporting on KRIs - because numbers make executives feel safe.
- Representing Security in front of the Country Manager, Local Board and governance bodies. If you dislike meetings, this won’t be your favourite part.
- Working with SMEs across Security, IT, Legal, Data Protection and the business to make sure controls actually work in real life, not just in PowerPoint.
- Assessing ICT risk, third‑party risk, local risk appetite and remediation plans - and then making sure those plans don’t die in someone’s inbox.
- Helping build a cyber‑security culture that doesn’t rely solely on posters about phishing.
- Advising the business on how not to get hacked, breached, fined or embarrassed.
Who this job is for
Someone who:
- Knows their regulatory compliance from their risk management.
- Can talk to auditors without sweating.
- Can talk to engineers without confusing them.
- Can talk to executives without scaring them.
- Understands that “security culture” is more than sending out an annual awareness video.
- Doesn’t need to be micromanaged, handheld or spoon‑fed.
- Can explain DORA to someone who thinks it’s a cartoon character.
Who this job is not for
- People who think “GRC” means “filling in spreadsheets”.
- People who panic when someone mentions the word “audit”.
- People who want a quiet life.
- People who think policies write themselves.
Why you might actually like this job
Because it’s global. Because you’ll have influence. Because you’ll be the person who shapes how the organisation interprets and implements regulatory requirements across multiple markets. Because you’ll be trusted to get on with it. And because you’ll be the adult in the room when it comes to security governance.
- Posted: Jun 18, 2026
- Type: Full-time
- Level: Mid-Senior
- Location: Warsaw
- Company: Investigo