Warszawa, Poland
5 hours ago
Security Governance, Risk and Compliance Analyst

Job Description

Do you believe that the world needs a little bit more innovation?

Do you want to impact the daily routines of millions of people?

Do you believe you can do it?

We might have a proposition for you! 

About the job

To support our expanding business in Circle K Europe, we are looking for a Security Analyst to support the Global Security Governance, Risk and Compliance Team. This is a broad Governance, Risk and Compliance role in which you will help our business overcome its IT security challenges. You will be part of a team that stretches around the globe and will have great flexibility in how you develop in your role over time. This is a hybrid role in which connecting to local colleagues is essential, so some physical presence in the office is expected, but there is great flexibility around this.

Who you are

We are looking for someone who is not afraid of getting their hands dirty. A do-er with good common sense. We would like you to have some general knowledge of common compliance frameworks and standards (e.g. PCI-DSS, GDPR, or the NIS2 Directive), but it is much more important that you have applied knowledge. You are someone who gets curious and likes to check things. You are good at explaining complex content to others but without bothering them with unnecessary detail. If you are a good writer on top of that, that's a plus.

Role description

Manage and bring continuous improvement to the Global Security document lifecycle. Build and maintain an inventory of level 1-4 documentation and ensure it complies with legal and regulatory requirements. Identify gaps and coordinate their closure with document owners. Manage the annual review cycle for all documentation.

Manage Circle K Europe’s journey towards ISO 27001 certification and build a long-term certification implementation and maintenance plan for CKE.

Take responsibility for the GRC aspects in CKE’s ongoing post-acquisition integration project (planned until 2027), for example:

KRITIS compliance integration as of FY26

Assist with PCI DSS scoping

Identify security integration, communication and awareness requirements

Build and roll out an implementation plan for NIS2 and DORA compliance based on the outcome of the current (FY25) compliance assessment and take responsibility for maintaining compliance over time.

Execute critical risk assessments in CKE until the GS Risk Team has been established. Once established, ensure a smooth transition.

Set up and manage local security compliance processes together with other applicable teams (e.g. Procurement, Legal), for example for security incident reporting and responsible disclosure (NIS2).

Qualifications

Solid background in IT with 5 to 10 years of applied experience in IT security.

Affinity with security operations, network security, cloud security, application security... You feel affinity with many domains and have specialized in a few.

Experience in a retail IT context would be a plus.

Relevant security certifications.

Other requirements

Excellent proficiency in written and spoken English. Other European languages are a plus.

You don't take things at face value and like to check how matters are applied versus their theory.

Experience in a global team is desirable.

Receiving "I don't know" for an answer is a motivator for you to dig deeper and find out what is going on.

You are comfortable working independently - no handholding.

You understand that security needs to enable a business, not disable it.

Experience in working with offshore teams is a plus.

Hybrid work model.

When working with us, you can be sure that you will not be judged on the grounds of race, national origin, gender, sexual orientation, disability, age, or other legally protected status. On the contrary, we believe that our diverse and inclusive culture helps us create an amazing atmosphere where everybody feels welcome.

Check who we are here: https://youtu.be/td-QGnNnvW0

Want to know even more about us? Take a look at our career page: https://workwithus.circlek.com/global/en/businesscentrewarsaw

Interested?
We encourage you to apply.

We know great companies are built from within, by great people like you. Come grow with us!
We're looking forward to your application.

We hereby inform you that at Circle K Business Centre Poland sp. z o.o., with its registered office in Warsaw, an Internal Notification and Follow-up Actions Procedure applies.

The document describes rules for reporting violations of law by whistleblowers. The full content of the above-mentioned Procedure is available here: https://www.circlek.pl/o-nas/procedury-zgloszen
