Security Senior Expert (ICT Regulatory Compliance) & Business Partner

PROVIDENT Polska operates in the financial services sector and has been on the Polish market for 29 years. The company emphasizes financial inclusion and supports various organizational areas including IT security, finance, HR, marketing, and customer service.

• Proven experience in ICT security, technology risk and regulatory compliance within financial services.
• Strong knowledge of DORA, GDPR, PSD2, EBA guidelines and ICT risk frameworks.
• Hands on experience with ISMS design, implementation or oversight.
• Ability to interpret regulatory requirements and translate them into practical controls.
• Strong understanding of ICT, cloud, outsourcing and third party risk.
• Experience engaging with senior management, regulators and auditors.
• Very good spoken and written English (additional languages an advantage).

• Act as a Group technical authority for ICT regulatory compliance (e.g. DORA, GDPR, PSD2, EBA guidelines).
• Ensure ongoing alignment of the ISMS with legal, regulatory and contractual obligations.
• Perform ICT compliance assessments, control effectiveness reviews and maturity evaluations.
• Identify compliance gaps and prioritise remediation actions in cooperation with IT, Risk and Security SMEs.
• Define, monitor and report compliance KPIs and KRIs at Group and local level.
• Act as Security Business Partner for the local market (Poland) and single point of contact for Information Security.
• Advise senior management on ICT and third party risk, control deficiencies and remediation plans.
• Provide senior oversight of major ICT and cyber incidents, including escalation, regulatory notification and post incident reviews.
• Lead interaction with local regulators and supervisory authorities on security related matters.
• Promote a strong cybersecurity and risk aware culture within the local organisation.