Governance and Risk Lead
Location – Cracow
Why this job is for you:
This position offers a unique opportunity for a seasoned professional to play a pivotal role in shaping and strengthening the organization’s information and cyber security posture. As the Governance and Risk Lead you will be entrusted with advancing a culture of security awareness and operational resilience across both central functions and manufacturing environments.
In this role, you will lead the development and delivery of comprehensive security awareness initiatives, including phishing simulations and cyber scenario exercises, ensuring that teams are well-prepared to respond to evolving threats. You will also serve as a key point of contact for internal and external stakeholders, managing and responding to enquiries related to the organization’s information and cyber security frameworks.
Your responsibilities will extend to supporting cross-functional collaboration with IT, procurement, legal, data protection, and digital security teams, particularly in the context of supplier due diligence and third-party risk management. You will oversee risk-based assurance activities, contribute to the continuous improvement of security controls, and maintain elements of ISO 27001 documentation and compliance.
Additionally, you will facilitate the management of IT risk registers, tools, and reporting processes, ensuring alignment with broader governance and compliance objectives. You will also assume ownership of specific initiatives delegated by the Head of I&T GRC, contributing to the strategic development of the organization’s governance, risk, and compliance capabilities.
You will:
- Engage with key IT and business stakeholders in relation to: risk management, security awareness training, facilitation of cyber scenario desktop simulations across central and manufacturing site teams, customer security questionnaires, supplier security reviews, risk management and requirements
- Manage and continuously improve I&T and Security risk processes in accordance with company risk appetite and tolerance, validating that risk is clearly articulated and management response is well defined
- Engage in risk review and assurance activities across existing suppliers
- Provide IT and business advice on aspects of security standards and regulations such as ISO27001, NIST CSF, PCI DSS, NISD and NIS2
- Engage with I&T system owners to provide training in relation to information security, cyber resilience, phishing, and facilitation of cyber scenario desktop simulations across central and manufacturing site teams
You have:
- Demonstrable experience of engaging across all levels of a company in relation to information and cyber security risks, including non-security or IT stakeholders
- Working knowledge of technology and security requirements and consequences across both IT and manufacturing environments in manufacturing or similar industries
- Proven analytical, problem-solving, planning, project delivery and supplier work packages management skills
- Effective time management skills and ability to plan against multiple competing demands
- Occasional planned travel (‘site’ visits) within the UK and internationally as part of the business engagement outlined
- Working towards or achieved professional certifications (ISO27001 lead, ISC2, CISM or CRISC) advantageous
- Experience working with information security standards and frameworks such as ISO27001, NIST CSF, Cyber Essentials
- Experience of information and cyber security regulations such as PCI DSS, NISD and NIS2
- Fluency in English
The information necessary in the recruitment process is: name, surname, contact details, education, previous employment record and qualifications.
Any supplementary information you provide is processed on the basis of your consent.
For the purpose of application to the position specified in the job posting we ask you to place the following statement in your application:
“I, hereby, consent to the processing of my personal data contained in the application for the job by International Paper Polska Sp. z o.o for the purpose and to the extent necessary in the recruitment process.”
If you want to take part not only in the recruitment process for the job position you applied for but in future recruitment processes as well, we ask you to place the following statement in your application:
“I, hereby, consent to the processing of my personal data contained in the application for the job by International Paper Polska Sp. z o.o for the purpose and to the extent necessary in the current recruitment process and in the future recruitment processes as well.”
Krakow, MAL, PL, 31-503