Information Security Specialist (Mid/Senior)
- Fabryczna 20A, 31-553 Kraków, Poland
- Employees can work remotely
SmartRecruiters is a values-driven, global-minded, and well-funded tech employer on a mission to connect people to jobs at scale. As a global leader in enterprise recruitment software, SmartRecruiters offers a cloud-based global Hiring Success platform that allows teams to attract, select, and hire the best talent. 4,000 companies worldwide rely on SmartRecruiters to achieve hiring success—including brands like Bosch, LinkedIn, Skechers, and Visa—using recruitment marketing, CRM, AI, ATS, and a marketplace of 600+ connected vendors all within one scalable platform.
SmartRecruiters was recognized by Forbes as one of the Best Employers in 2020. We are proud to offer a collaborative, diverse, and remote-friendly work environment, as well as competitive salaries and generous equity. We believe in promotion from within, so high performance can lead to upward mobility. Needless to say, we make sure you’re taken care of. Our inclusive office environment welcomes and respects all.
SmartRecruiters understands that data is the core of our business.That’s why we’ve built Information Security structures with the Security Council as the decision body and Board of Representatives as the execution team. Keeping data secure is very crucial to the work we do and that's why we put much effort into making it smart, easy and effective.
SmartRecruiters needs to ensure that all of its applications and systems are compliant with ISO 27001/2, GDPR and SOC-2 regulations. It needs resources to facilitate the auditing of controls in place for compliance with those regulations, ensure that the technical teams have the evidence to prove their controls are in place, and if they are not, they need to work with the stakeholders and the technical teams to get them in place.
Oversee a varied and complex regulatory compliance program covering multiple domains and disciplines
Managing the stakeholder expectation & partnering with stakeholders to ensure management of IT risks and compliance.
Maintain regional and local stakeholder relationships, meeting schedules, minutes, reports
Effectively implement and maintain SOC-2 framework
Effectively manage ISO 27001 audits and coordinate with stakeholder improvements of ISMS
Maintain, manage and monitor regional and local compliance to the ISMS frameworks such as the Risk Management, Asset and Access Management, GDPR and SOC2 regulatory / legal and other obligations / requirements.
Appropriately analyze security findings and participate in remediation of issues with control owner /assurance partners.
Provide support in using evidence repositories to control owners.
Provide support of policy/standards exceptions, report status to regional and local management, and advice on corrective actions.
Prepare stakeholder presentations for stakeholders and senior leadership
Understanding of risks and risk assessments
- Compliance or auditing experience for one regulation – ISO 27001, GDPR and SOC-2
Detailed knowledge of controls auditing principles with focus on SOC-2
Knowledge of controls manifestation in small global corporations with regional and local presence is required
Good understanding of coordination and facilitation
Ability to investigate, question and interpret internal and external IT security and compliance issues
Experience of working across business units and geographical boundaries to engage engineering, business and team members is required.
At least 5 years of experience as an auditor
SmartRecruiters is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.