Requirements: English
Company: Arla Global Shared Services Sp. z o.o.
Region: Gdańsk, Pomeranian Voivodeship
about-project :
- We are looking for an experienced Information Security specialist to take the lead in managing third-party risks, integrating data privacy considerations, and in driving NIS2 directive compliance across our IT & digital landscape.
- This key role will ensure that the company adheres to international and local regulations, corporate governance standards and best practices, while maintaining the security of its information assets. The role is positioned within the Information Security GRC Team, part of the CISO organization in IT department.
responsibilities :
- How you will make an impact
- You will be responsible for driving our Third-Party Risk Management agenda in relation to IT systems, applications, platforms, etc. in Arla, and for ensuring compliance with NIS2 directive requirements. You will collaborate closely with Legal, Procurement and across IT departments, enabling secure and privacy-compliant solutions for global Arla.
- Third-Party Risk Management, Privacy Compliance
- Lead and evolve the Third-Party Risk Management (TPRM) framework, embedding it across business units and supplier engagements.
- Lead risk assessments for third-party vendors, with an emphasis on data privacy, security controls, and contractual safeguards.
- Ensure that vendor risk assessments are embedded from the outset of new projects, partnerships, and digital initiatives, supporting secure-by-design practices from day one.
- Drive a program for regular security reviews of strategic and high-risk vendors, ensuring evolving threats, compliance gaps, and control deficiencies are continuously managed.
- Work closely with IT Risk Management to align vendor-related risks with the broader enterprise risk landscape.
- Collaborate with Procurement and Legal teams to integrate security and data privacy criteria into vendor selection processes, enabling risk-informed decisions before onboarding.
- Collaborate with Legal on GDPR and data privacy compliance to embed privacy design across systems and processes.
- Collaborate with senior leadership, business units, and external auditors to ensure that security practices are understood and integrated into the broader business strategy.
- NIS2 Compliance & Governance
- Ensure internal policies, controls, and monitoring practices meet the directive's operational resilience, incident reporting, and supply chain requirements.
- Drive the implementation of NIS2 compliance programs, aligning with business and IT strategies.
- Identify and assess critical suppliers, partners, and internal systems in scope for NIS2.
- Define security measures proportionate to risk and regulatory obligations.
- Monitor adherence to NIS2 requirements, supporting risk-based reporting to executive leadership.
requirements-expected :
- Candidates with background in both Legal AND Cyber Security areas are preferred.
- You are focused and persistent about achieving goals and can create great collaboration between Legal, Procurement and global IT teams. You know how to plan your tasks, stick to your plan and follow up where needed. You will be working with a complex stakeholder environment, thus you have great facilitation skills and thrive engaging with people of different cultures and from various backgrounds.
- Furthermore:
- Master's degree in Information Security, Cybersecurity, IT or a related field.
- 10+ years of experience in Information Security Governance, working extensively with risk management and legal compliance.
- Certifications like CISSP and CISM are highly valued in the recruitment process.
- Strong knowledge of regulatory and compliance frameworks such as NIS2, GDPR, ISO 27001, NIST.
- Excellent communication skills, with the ability to present complex security topics to senior leadership and non-technical stakeholders.
- Experience working in a large, global organization with a complex technology landscape.
- Ability to work in a fast-paced, dynamic environment.
- High level of integrity and accountability.
- Experience in Agile delivery methodology would be a plus.
- Speak and write English effortlessly.
- Please note that this role requires you to be in the office 50% of the time + one additional day (monthly).
offered :
- Global Shared Services is truly a global setup. As such, you will have the opportunity to collaborate closely with business areas across cultures and borders. You can bring your knowledge and understanding into the mix to break new ground with Customer Service in Global Shared Servic