Information Systems Security Manager

Sopra Steria is one of the largest players in the tech industry in Europe, known for its consulting, digital services and software development. We operate in nearly 30 countries in the world, hiring more than 55,000 employees.

The Polish branch, as the Global Delivery Center, operates in Katowice since 2007 and has been growing ever since. Currently, our team consists of around 1,000 specialists.

Within the Digital Platform Services department, our teams specialize in areas such as cloud, operating systems, virtualization, databases, backup or storage, as well as networking and security. We also have 1st line support consultants who speak French and English, but also Italian, Spanish, Portuguese and German.

The Application Services department is responsible for areas such as software development, data engineering, testing services, CRM, ITSM and ERP platform integrations, as well as application management for customers in Scandinavia, Benelux, France, Germany, Switzerland and the UK.

We are looking for Information Systems Security Manager to join Sopra Steria Polska and one of our innovative international squads located in Luxembourg and Poland. You will be responsible for providing leadership and direction to our security team within the consortium matrixial organization. Your primary focus will be on ensuring the security and integrity of our IT infrastructure, systems, and data. You will lead the Security Office, driving the development, standardization and implementation of securi-ty policies, practices, and controls aligned with industry standards and regulatory requirements. Collabo-rating closely with cross-functional teams across squads, you will integrate security into all aspects of our operations and development lifecycle

Note that we can only offer cooperation to people who are located in Poland and have EU citizenship.

Responsibilities:​

• Develop and maintain the security strategy and roadmap for the consortium organization, in alignment with business objectives, regulatory requirements, and industry best practices.
• Use your mandatory Project Management skills to organize the Security Office team to ensure smooth delivery and process-based relationship with technical squads.
• Establish and enforce security policies, standards, and procedures across squads and chapters, ensuring compliance with relevant laws, regulations, and contractual obligations.
• Provide strategic guidance and recommendations to senior leadership and the Security Office on the organization's security posture and risk management.
• Define and maintain the security architecture and design principles for IT systems, applications, and infrastructure, incorporating security-by-design principles into development processes.
• Collaborate with architecture and engineering teams to evaluate, select, and implement security technologies, tools, and solutions to mitigate risks and enhance security posture.
• Conduct security architecture reviews, assessments, and audits of systems and applications, identifying vulnerabilities and recommending remediation measures.
• Develop and deliver security awareness and training programs for employees, contractors, and stakeholders, promoting a culture of security awareness and compliance.
• Provide guidance and support to squads and chapters on security best practices, secure coding principles, and threat mitigation techniques.
• Monitor and measure the effectiveness of security awareness and training initiatives, adjusting strategies as needed to address evolving threats and risks.
• Collaborate with internal audit, compliance, and legal teams to ensure adherence to security requirements and contractual obligations.
• Maintain security documentation, evidence, and artifacts to demonstrate compliance with security standards and regulations.
• Lead the Security Incident Response Team (SIRT), coordinating efforts to investigate and mitigate security incidents in a timely and effective manner.
• Develop and maintain incident response plans, playbooks, and procedures, conduct regular tabletop exercises and simulations to test and improve response capabilities

Security Domains & Focus Areas:​

• Security Governance, Risk Management, Security Architecture, SIEM/SOAR, Vulnerability Management, Incident Response, Secure SDLC, Security-by-Design, Threat Modeling, Security Awareness Programs.

Must have requirements:​

• Bachelor's degree in Information Security, Computer Science, or a related field; advanced degree or relevant certifications (e.g., CISSP, CISM, CISA) are a plus.
• Proven experience (min 5 years) in information security, with a focus on security strategy, governance, operations, and compliance.
• Strong understanding of security frameworks, standards, and best practices (e.g., NIST Cybersecurity Framework, CIS Controls, OWASP Top 10).
• Experience in leading and managing cross-functional security teams in a dynamic and fast-paced environment
• EU citizenship.
• Fluent English: B2/C1.
• Being open to occasional business trips abroad and visits in our office in Katowice

Nice to have requirements:

• Clerance

What we offer:

• BENEFITS (UoP): Luxmed, Medicover Sport, Worksmile, educational platforms, languages learning platform, referral bonus, life insurance, workation

• DEVELOPMENT OPPORTUNITIES (UoP and B2B): certifications (paid by the company), conferences, Tech Lunches, possibility to join our Communities (Project Management, Architecture, Security, Process Management, Leadership, AI and Cloud)

The recruitment process in our company consists of 4 stages:

•a short phone call with a recruiter (30 min max)

•one-hour long interview on Teams (with both general and technical questions)

•1st client interview (30 min)

•2nd client technical interview

 

Salary range:

UoP: 18 000- 22 000 PLN gross/month

B2B: 135-180/190 PLN net/h

All information about salary range and its additional components will be provided during the 1st stage of recruitment process.

At our organization, we are committed to fighting against all forms of discrimination. We foster a work environment that is inclusive and respectful of all differences.