Information Security Specialist (Mid/Senior)
- Fabryczna 20A, 31-553 Kraków, Poland
- Employees can work remotely
At SmartRecruiters, our mission is to connect people with jobs at scale. That’s why we’ve built our modern Talent Acquisition Platform to help companies hire the best talent and to help people find a job they love!
In 10 years, we expanded our customer base to 4000 companies. Our platform is used by hiring teams of Twitter, Visa, Ubisoft, CD Project RED or McDonald’s. We also helped over 50 million candidates through their job search journey.
We offer a competitive salary, generous equity, and strong career progression opportunities. We enjoy a collaborative environment that spans offices in San Francisco, Berlin, Krakow, Paris, London, and Spokane. This is a casual and pet-friendly place. We pride ourselves on being a product first organization, and we have a spot open on our candidate experience team!
SmartRecruiters understands that data is the core of our business.That’s why we’ve built Information Security structures with the Security Council as the decision body and Board of Representatives as the execution team. Keeping data secure is very crucial to the work we do and that's why we put much effort into making it smart, easy and effective.
SmartRecruiters needs to ensure that all of its applications and systems are compliant with ISO 27001/2, GDPR and SOC-2 regulations. It needs resources to facilitate the auditing of controls in place for compliance with those regulations, ensure that the technical teams have the evidence to prove their controls are in place, and if they are not, they need to work with the stakeholders and the technical teams to get them in place.
Oversee a varied and complex regulatory compliance program covering multiple domains and disciplines
Managing the stakeholder expectation & partnering with stakeholders to ensure management of IT risks and compliance.
Maintain regional and local stakeholder relationships, meeting schedules, minutes, reports
Effectively implement and maintain SOC-2 framework
Effectively manage ISO 27001 audits and coordinate with stakeholder improvements of ISMS
Maintain, manage and monitor regional and local compliance to the ISMS frameworks such as the Risk Management, Asset and Access Management, GDPR and SOC2 regulatory / legal and other obligations / requirements.
Appropriately analyze security findings and participate in remediation of issues with control owner /assurance partners.
Provide support in using evidence repositories to control owners.
Provide support of policy/standards exceptions, report status to regional and local management, and advice on corrective actions.
Prepare stakeholder presentations for stakeholders and senior leadership
Understanding of risks and risk assessments
- Compliance or auditing experience for one regulation – ISO 27001, GDPR and SOC-2
Detailed knowledge of controls auditing principles with focus on SOC-2
Knowledge of controls manifestation in small global corporations with regional and local presence is required
Good understanding of coordination and facilitation
Ability to investigate, question and interpret internal and external IT security and compliance issues
Experience of working across business units and geographical boundaries to engage engineering, business and team members is required.
At least 5 years of experience as an auditor
SmartRecruiters is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.