Security Awareness Specialist - fix term (9 month contract)

The Digital & Technology Team (D&T) is an integral division of the HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us, you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!

Would you like to meet the Team, see our office, and much more? Visit our website: Heineken (https://heineken-dt.pl/en)

Global Digital & Technology (D&T) has a worldwide responsibility for all IT processes, solutions, and services. The aim is to further enhance HEINEKEN Global Functions.

Help to build a cyber-resilient organisation by driving improvements to our security policy house and risk assessment process. Join the Cybersecurity Policy Setting capability, within the Cyber Assurance Tribe.

Your responsibilities would include:

• identifing, prioritising and delivering enhancements to the security policy house and risk assessment process, ensuring that they are actionable, scalable and aligned with Cyber Assurance objectives
• coordinating and driving change and communications activities for the capability, ensuring stakeholders receive timely and clear updates
• leveraging your HEINEKEN network and subject-matter expertise to support and accelerate Cyber Assurance activities, fostering cross-functional collaboration
• contributing to the team’s agile ways of working by actively participating in Kanban ceremonies, maintaining transparent work items and promoting continuous improvement

You are a good candidate if you can:

• demonstrate a passion for cybersecurity
• demonstrate a good understanding of HEINEKEN’s Security Policy House and Security Definition of Done (e.g. risk assessment process, BIA ratings and architecture tools like LeanIX)
• apply knowledge of industry standard cybersecurity frameworks (e.g. NIST, ISO 27001, COBIT and relevant laws and regulations such as privacy laws)
• bring at least 5 years of experience in IT, cyber security, or risk management
• act as a Cybersecurity ambassador by clearly communicating Information Security & Risk requirements to the Product teams and Global Functions
• communicate security concepts clearly and concisely to both technical and non-technical stakeholders
• work effectively in a cross functional environment, collaborating with diverse teams and cultures
• use investigative, analytical and problem-solving skills to identify root causes, evaluate options and resolve issues efficiently
• produce structured, high-quality analysis and reporting that supports decision-making
• apply Agile principles and contribute effectively to Kanban-based ways of working
• adapt to dynamic environments, managing shifting priorities while maintaining focus on security deliverables
• demonstrate end-to-end ownership and accountability in all assigned work
• proficient in English, both written and verbal

At HEINEKEN Kraków, we take integrity and ethical conduct seriously. If someone has concerns about a possible violation of legal regulations indicated in the Polish Whistleblowing Act or our Code of Business Conduct, we encourage them to speak up. Cases can be reported to the global team or locally (in line with the local HGSS Whistleblowing procedure) by selecting the proper option in this tool or by communicating it on the hotline. #LI-HYBRID