Security Risk Officer

4 Months ago • All levels
Risk Management

Job Description

The Security Risk Officer will identify, assess, and monitor risks related to IT, cybersecurity, data protection, and business continuity. They will advise cross-functional teams on risk-aware decision-making and coordinate audits, security reviews, and compliance checks. This role involves overseeing the implementation and tracking of security, IT, and data governance controls, maintaining risk registers, and managing third-party risk. Additionally, they will ensure compliance with relevant standards and regulations, support incident response, and act as a liaison between Security, IT, Legal, and Executives during incidents. The ideal candidate should possess excellent communication skills and a strong understanding of GDPR and other data protection regulations.
Good To Have:
  • Professional certifications such as CRISC, CISSP, or CISA.
  • Experience in conducting internal audits and risk assessments.
  • Ability to map risks to business processes.
  • Participation in tabletop exercises.
  • Knowledge of frameworks such as NIST CSF.
  • Certification in incident response.
  • Background in security consulting or regulated industries.
  • Familiarity with tools like Confluence or Jira.
Must Have:
  • Proven experience in cybersecurity or enterprise risk management.
  • Familiarity with security frameworks and risk management standards.
  • Understanding of security controls in various environments.
  • Experience in coordinating security incident response efforts.
  • Ability to assess business impact during security events.
  • Familiarity with incident response processes and post-incident reviews.
  • Ability to work under pressure and facilitate communication.
  • Understanding of incident lifecycle from detection to analysis.
  • Excellent communication skills to work across departments.
  • Comfortable with documentation, controls tracking, and policy management.
  • Solid understanding of GDPR and other data protection regulations.
  • Very good command of English.
Perks:
  • Private medical care and life insurance.
  • Pro-health campaigns and gifts for different occasions.
  • Flexible working hours and no dress code.
  • Dedicated development budget and extra paid training days.
  • Stable career paths and extensive internal/external training.
  • Financing of English and Polish language classes.
  • Chillout zones, a fully equipped kitchen, and a gym.
  • Free car park (Warsaw - limited space).

Add these skills to join the top 1% applicants for this job

team-management
cross-functional
communication
risk-management
budget-management
oops
storytelling
incident-response
confluence
jira

Company Description

Techland is one of the biggest video game companies in Poland, with over 30 years of experience in the gaming industry. From our studios in Wrocław and Warsaw, we’ve built an international team of more than 500 talented professionals, all dedicated to pushing the boundaries of game development.

We’re known for creating iconic franchises like Call of Juarez and the zombie genre-defining Dying Light, which has been played by over 45 million players worldwide. With a focus on open-world action, storytelling, and community engagement, we’re committed to delivering unforgettable experiences to our players.

We’re constantly striving to improve, innovate, and take on new challenges. With ambitious plans for the future, we’re looking for passionate people to be part of this exciting journey.

Job Description

Your daily tasks:

  • Identifying, assessing, and monitoring risks related to IT, cybersecurity, data protection, and business continuity.

  • Advising cross-functional teams on risk-aware decision-making in projects and operations.

  • Coordinating audits, security reviews, compliance checks, and data protection impact assessments (DPIAs).

  • Overseeing implementation and tracking of security, IT, and data governance controls.

  • Maintaining risk registers, control matrices, and mitigation plans.

  • Managing third-party risk through vendor assessments and reviews.

  • Ensuring compliance with relevant standards and regulations (e.g., ISO 27001, GDPR, NIST).

  • Supporting and coordinate incident response, including internal communication during critical events.

  • Leading post-incident reviews and ensure integration of findings into risk management plans.

  • Acting as liaison between Security, IT, Legal, and Executives during high-impact incidents.

 

Qualifications

  • Proven experience in cybersecurity, IT governance or enterprise risk management.

  • Familiarity with security frameworks (ISO 27001, NIST CSF, SOC 2) and risk management standards (e.g. ISO 31000).

  • Understanding of security controls in cloud, endpoint, infrastructure and application environments.

  • Experience participating in or coordinating security incident response efforts.

  • Ability to assess business impact during security events and help prioritize response actions.

  • Familiarity with incident response processes, escalation paths and post-incident reviews (RCA, lessons learned).

  • Comfortable working under pressure and facilitating structured communication between stakeholders during incidents.

  • Understanding of incident lifecycle, from detection to containment, recovery and root cause analysis.

  • Excellent communication skills – ability to work across departments and present risk contextually.

  • Comfortable with documentation, controls tracking, audit evidence and policy management.

  • Solid understanding of GDPR and other data protection regulations.

  • Very good command of English.

Nice to have:

  • Professional certifications such as CRISC, CISSP, CISA, or ISO 27001 Lead Auditor.

  • Experience in conducting or supporting internal audits, risk assessments and compliance projects.

  • Ability to map risks to business processes and help define tolerances with stakeholders.

  • Participation in tabletop exercises or real-world security incident coordination.

  • Knowledge of frameworks such as NIST CSF or SANS Incident Handling.

  • Certification in incident response or cyber resilience (e.g. GCIH, ISO 27035).

  • Background in security consulting, legal tech, or regulated industries (finance, healthcare, gaming).

  • Familiarity with tools like Confluence, Jira, GRC platforms or risk dashboards.

Additional Information

What we can offer:

  • A wide array of benefits: private medical care, life insurance, pro-health campaigns, gifts for different occasions.
  • An outstanding work atmosphere in a highly-skilled team of professionals, with flexible working hours, no dress code, and full support of the dedicated HR Business Partner.
  • Many opportunities for personal development: a dedicated development budget for each employee, extra two paid days for training and CSR, stable career paths, extensive internal and external training, and financing of English and Polish language classes.
  • State-of-the-art offices filled with chillout zones, a fully equipped kitchen, a gym (Wrocław office), and a free car park (Warsaw limited amount of space).

Set alerts for more jobs like Security Risk Officer
Set alerts for new jobs by Techland
Set alerts for new Risk Management jobs in Poland
Set alerts for new jobs in Poland
Set alerts for Risk Management (Remote) jobs

Contact Us
hello@outscal.com
Made in INDIA 💛💙