Security & Compliance Leader at FOTC

Position: Security & Compliance Leader
Posted: 11 Jan 2026
Expired: 10 Feb 2026
Company: FOTC
Location: Wysokie Mazowieckie | PL
Contract type: Full Time

Job description:


We’re FOTC – a team of cloud enthusiasts helping companies get the most out of Google Cloud and Google Workspace. Whether it's moving to the cloud, building smarter workplaces, using AI, or just making everyday work easier — we're here for it.

We’ve been around for over 10 years, and in that time we’ve worked with more than 6,500 companies in 50+ countries. Big names, small teams, startups, scaleups – you name it. From our offices in Wrocław, Warsaw, Bucharest, Budapest – or from wherever we’re working remotely – we help businesses grow with the right tech.

We’re a Google Cloud Premier Partner, but more than that — we’re people who genuinely like solving problems, testing new ideas, and turning complex stuff into simple solutions.

What we believe in

We believe work should make sense — not just on paper, but in real life. That means innovation, partnership, responsibility, flexibility & adaptation, transparency, and a team you can count on. We support each other, share what we know, and celebrate wins (big and small).

If you're someone who likes figuring things out, isn’t afraid to take initiative, and wants to work with tech that actually makes a difference — you might just find your place with us. Because at FOTC, it’s not just about cloud. It’s about people.

Your responsibilities will include: End-to-end security of the cloud and user environments (GCP/AWS + Google Workspace) – prevention, detection, response, compliance (SOC 2, ISO 27001, PCI DSS, NIS2), privacy, and business continuity.

Scope of Accountability

Security Program

  • Security/GRC Strategy and Roadmap;
    policies, standards, controls;
    asset & data classification.
  • Risk Register, TPM (Third-Party Management), BCP/DR (Business Continuity Plan/Disaster Recovery);
    privacy by design (in cooperation with DPO/Legal).

Cloud & Platform Security

  • Hardening GCP/AWS (IAM, networking, WAF, KMS/HSM, DLP, Secret Mgmt), CSPM/CNAPP;
    scanning IaC/containers in CI/CD.
  • Observability & logging: log export to SIEM (e.g., Chronicle/BigQuery) + detection and SOAR playbooks.

Google Workspace Security (in-depth)

  • Identity & Access: Configuring SSO (SAML/OIDC) with IdP, SCIM/automated role assignment, Context-Aware Access (BeyondCorp), MFA/Passkeys policies, OAuth restrictions (app access control), 3rd-party token blocklists.
  • Email & Domains: SPF, DKIM, DMARC (p=quarantine/reject), MTA-STS + TLS-RPT, BIMI;
    routing and quarantine rules;
    BEC/impersonation protection;
    S/MIME (optionally CSE).
  • DLP & Data Protection: DLP policies for Gmail/Drive/Chat, Drive labels/classification, data regions, Client-Side Encryption (CSE) where required (e.g., legal department).
  • Monitoring & IR: Alert Center and Security Center (risk dashboard, recommendations), alert flow to SIEM/SOAR;
    IR playbooks for phishing/BEC/stolen sessions/OAuth abuse.
  • Compliance & eDiscovery: Google Vault (retention, hold, eDiscovery), legal holds, audits (Admin SDK Reports API), preparation of evidence for SOC 2/ISO/PCI/NIS2.
  • Endpoint & Browsers: Google Endpoint Management (Android/iOS/Windows/macOS), Chrome Enterprise policies (extensions allowlist/blocklist, safe browsing, download protection, password alerts), data isolation (managed profiles).
  • Automation: Admin SDK (Directory/Reports), GAM/gamADV-XTD, Apps Script;
    automated response (e.g., revoke tokens, reset sessions).

Detection and IR

  • Design and operation of a lightweight SOC (SIEM/SOAR/EDR), 24/7 on-call procedures (lightweight), tabletop exercises, RCA (Root Cause Analysis).

DevSecOps & AppSec

  • SAST/SCA/DAST, IaC scanning, SBOM, supply-chain, signed artifacts, secret scanning, threat modeling.

Training & Culture

  • Awareness program (phishing drills), secure coding, policies for using Workspace and devices.

Management

  • Leading a small SecOps/AppSec/GRC team;
    budget;
    cooperation with Head of Cloud/CTO, DevOps, Data, Legal, DPO.

Requirements:

  • 6–10+ years in cybersecurity;
    min. 3 years in cloud security (GCP/AWS/Azure) and min. 2 years of practical Google Workspace Security experience (Enterprise/Enterprise Plus).
  • Documented implementation/maintenance: DMARC/SPF/DKIM, MTA-STS/TLS-RPT, DLP (Gmail/Drive), Vault (retention/holds), Alert/Security Center, Context-Aware Access, SSO (SAML/OIDC), SCIM, OAuth app controls, Endpoint Management, Chrome Enterprise.
  • Experience in audits and compliance delivery: SOC 2, ISO 27001, PCI DSS, NIS2 (gap-analysis, evidence, remediation).
  • Practical experience: SIEM/SOAR, EDR, WAF, DLP, KMS/HSM, CSPM/CNAPP;
    CI/CD security (SAST/SCA/IaC).
  • Strong IR skills (triage, containment, high-level forensics), also for Workspace incidents (phishing/BEC/OAuth abuse).
  • Certifications: CISSP (required), CEH (required or equivalent). Plus desirable: CISM, CCSP, OSCP, PCI ISA/QSA.
  • Polish and English – negotiation level;
    ability to write policies/standards.

Desirable:

  • GCP/AWS/Azure certifications (Professional/Spec), Terraform/Kubernetes security, Istio/mesh.
  • Experience with Chronicle SIEM, BigQuery + Looker Studio for security reporting.
  • Wiz/Prisma/Lacework (CNAPP), CrowdStrike/SentinelOne (EDR), XSOAR/Tines (SOAR), HashiCorp Vault.

We offer:

  • compensated days without service delivery obligation (up to 31!)
  • UNUM group insurance
  • private medical care and sport card
  • cooperation from our office in Rynek in Wrocław (Św. Mikołaja) / Przeskok in Warsaw
  • Company retreats abroad or in Poland once a year (bonding time, yeah!)
  • Company equipment provided
  • budget for your training and development
  • access to Google Cloud Skills Boost platform
