I&T GRC Information Security Specialist

**Location – Krakow****Why is this job for you:**The I&T GRC function supports the CISO and IT leadership across a range of information security, cybersecurity and technology risk controls, in support of IT, business, regulatory and customer requirements.Reporting to the Head of I&T GRC or direct report thereof, the role provides internal information security control consultancy and assessment. Reporting to the Head of I&T GRC or direct report thereof, the role provides internal security controls consultancy and assessment, supports business and IT stakeholder third party risk management arrangements and operates greed I&T GRC operated processes or controls.**You will:*** Create information and cybersecurity documentation (standards, processes, or guidance) in support of certification and compliance goals in the context of external certification and regulatory compliance requirements (e.g., ISO27001 and EU NIS2 implementation)* Own or support assigned agreed information security controls operated by I&T GRC e.g., risk process management, aspects of training and awareness in collaboration with wider team, support for desktop simulations* Respond to customer security assurance requirements. Supplier security schedule / assurance**You have:*** Experience of working in large, multi-national and cross-functional teams supporting IT and business stakeholders* Good working knowledge of recognised information and cybersecurity standards such as the NIST CSF, ISO27001, Information Security Forum SOGP* Experience of information security controls design and documentation, assessment and/or assurance* Experience information security customer questionnaires, supplier assurance and third-party risk management* Hands on experience of GRC platforms and/or use of Microsoft tooling e.g., Power BI building on SharePoint capabilities* Knowledge of or practical experience of the range of information security and cyber security domains e.g.:* Security policy frameworks (e.g., policy, standards, guidelines, procedures)* IT and cyber security risk management process management and tools* IT resilience and recovery* Experience of configuring or administering GRC platforms and/or use of Microsoft tooling e.g., Power BI building on SharePoint capabilities, or security tools such as training and awareness or simulated phishing tools* Professional or academic qualification in relevant subject e.g., Computer Science, Information Security, Legal or Data Protection topics* Has achieved or has ambition to achieve relevant certification e.g., Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Management (CISM) or related* Ability to travel up to 20%* Fluency in EnglishWe are DS Smith, together with International Paper, we are a global leader in sustainable packaging solutions and other fibre-based products. We believe a better, more sustainable tomorrow is possible with the right people, who challenge and support one another to enact positive change. We employ more than 60,000 colleagues in North America and Europe, Middle East and Africa (EMEA), who are experts in innovation, manufacturing, design, sales, sustainability, supply chain, and much more. Together with our customers, we make the world safer and more productive, one sustainable packaging solution at a time. Become part of a world-leading organisation and do your best work with us!As the journey continues of bringing together the strengths of both organisations, during your candidate experience you may engage with our colleagues from International Paper! You could visit an International Paper or DS Smith site or office. #J-18808-Ljbffr