GRC Specialist

We are looking for an experienced individual to join our Information Security Team as a Security Analyst. 

Functional responsibilities: 

• assistance to sales teams with the preparation of tender documentation; 
• communication with customers, auditors, and independent experts on the security of the company's products and services; 
• support of projects and audits for certification of the company's products, services and processes for compliance with information security standards, independent verification of the security of the company's products and services; 
• setting tasks and communicating with development teams to eliminate vulnerabilities and improve the security of the company's products and services; 
• systematization and maintenance of an actual state of the knowledge base with typical questions of clients regarding information security; 
• development and maintenance of the company's regulatory documents in the field of information security; 
• monitoring the implementation of information security processes, collecting and preparing evidence of the implementation of information security processes.

Candidate requirements: 

• at least 2 years of practical experience in the field of information security; 
• practical experience in communicating with customers, partners, suppliers and vendors on information security issues in products and services;
• knowledge and understanding of information security standards — ISO 27001, GDPR, SOC2, HIPAA, etc; 
• knowledge of OWASP Top 10, understanding of the mechanisms of vulnerability realization and approaches to their elimination; 
• knowledge and understanding of the operation of basic information security tools (e.g., Anti-Virus, Firewall, IPS/IDS, DLP, VPN, etc.); 
• knowledge of English at least B2+ level.

Will be a plus: 

• Certificate of specialist in information security management systems (ISO/IEC 27001);  
• knowledge of practices and practical experience in supporting secure development processes (Secure SDLC);
• Practical experience in researching web applications and source code vulnerabilities using Qualys Web Application Security, Acunetix, SonarQube, Black Duck, Checkmarx, Fortify, OWASP ZAP, Burp, etc.

What you should expect from us: 

• the award-winning product (a Leader in Gartner Quadrants) to be proud of; 
• a remote-first hybrid model: while giving plenty of space for concentration and personal working habits, we encourage regular meetings in one of our five hubs worldwide; 
• culture of genuine care, ownership, dedication, and high standards (learn more here); 
• a vibrant corporate life: enjoy the opportunity to explore your teammates' cultures in online and offline events, participate in sports competitions, enjoy art master classes, and create your new favorite memories at our parties; 
• caring for your health: Creatio offers several options for medical insurance together with our medical partner 
• Creatio offers all team members competitive pay; 
• paid leave options for life-qualifying events, sicknesses, etc; 
• nice and modern hub in the Warsaw city center to get acquainted with colleagues or to gain some quiet space for concentration.