
Security & Compliance Leader

Job in Town of Poland, Jamestown, Chautauqua County, New York, 14701, USA
Listing for: FOTC
Seasonal/Temporary position
Listed on 2025-12-21
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security, Security Manager
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below
Location: Town of Poland

Join to apply for the Security & Compliance Leader role at FOTC

We’re FOTC – a team of cloud enthusiasts helping companies get the most out of Google Cloud and Google Workspace. Whether it’s moving to the cloud, building smarter workplaces, using AI, or simply making everyday work easier, we’re here for it. With over 10 years of experience and a global client base of more than 6,500 companies, we operate from offices in Wrocław, Warsaw, Bucharest, Budapest, and remotely worldwide.

We’re a Google Cloud Premier Partner committed to solving complex problems with simple, innovative solutions.

What we believe

Work should make sense in real life, not just on paper. We value innovation, partnership, responsibility, flexibility, transparency, and a team you can count on. We support each other, share knowledge, and celebrate wins—big and small.

Responsibilities
  • Own end‑to‑end security of cloud and user environments (GCP, AWS, Google Workspace); oversee prevention, detection, response, and compliance (SOC 2, ISO 27001, PCI DSS, NIS2).
  • Ensure privacy and business continuity.
  • Develop and maintain Security/GRC strategy, roadmap, policies, standards, and controls; classify assets & data.
  • Manage risk register, third‑party risk (TPM), business continuity & disaster recovery; embed privacy by design in partnership with legal and DPO.
  • Harden platform security: IAM, networking, WAF, KMS/HSM, DLP, secret management, CSPM/CNAPP; perform IaC/containers scanning.
  • Configure and maintain monitoring, logging, and SIEM: export to Chronicle/BigQuery, build detection rules, SOAR playbooks.
  • Implement Google Workspace Security, including Identity & Access Management (SSO, SCIM, BeyondCorp, MFA/passkeys), email protection (SPF, DKIM, DMARC, MTA‑STS, BIMI), DLP, and organizational policies.
  • Operate security alert center and IR: triage phishing, BEC, OAuth abuse; run tabletop exercises and root‑cause analysis.
  • Provide compliance support: provide evidence for SOC 2, ISO 27001, PCI DSS, NIS2; manage e‑discovery and data retention via Google Vault.
  • Automate security processes with Admin SDK, GAM, Apps Script, and incident response automation.
  • Design and run a lightweight SOC (SIEM/SOAR/EDR) with on‑call rotation.
  • Apply DevSecOps best practices: SAST, SCA, DAST, IaC scanning, SBOM, supply‑chain security, secret scanning.
  • Lead security awareness and training programs: phishing drills, secure coding, and Workspace device security.
  • Manage a small SecOps/AppSec/GRC team, coordinate with Cloud, DevOps, Data, Legal, and Engineering leads.
Qualifications
  • 6–10+ years in cybersecurity; 3+ years in cloud security (GCP/AWS/Azure) and 2+ years practical Google Workspace Security experience.
  • Documented implementation/maintenance of DMARC/SPF/DKIM, MTA‑STS/TLS‑RPT, Gmail/Drive DLP, Google Vault retention, Google Security Center, Context‑Aware Access, SSO, SCIM, OAuth controls, Endpoint Management, Chrome Enterprise policies.
  • Hands‑on experience with SOC 2, ISO 27001, PCI DSS, NIS2 audits and remediation.
  • Proficiency with SIEM/SOAR, EDR, WAF, DLP, KMS/HSM, CSPM/CNAPP, CI/CD security (SAST, SCA, IaC), and incident response.
  • Strong IR skills – triage, containment, high‑level forensics, especially for Workspace incidents.
  • Certifications: CCSP (required), CEH (required or equivalent). Desirable: CISM, OSCP, PCI‑ISA/Q.
  • Fluent Polish and English, strong communication and policy drafting skills.
  • Professional cloud certifications (GCP, AWS, Azure), Terraform/Kubernetes security expertise, Istio/Service Mesh knowledge.
  • Experience with Chronicle SIEM, BigQuery, Looker Studio, CNAPP tools (Wiz, Prisma, Lacework), EDR (CrowdStrike, SentinelOne), SOAR platforms (XSOAR, Tines), and HashiCorp Vault.
What we offer
  • Competitive compensation plus up to 3 days paid time‑off for health, sports, or personal projects.
  • Unum group insurance, private medical care, and sports benefits.
  • Company retreats abroad or in Poland once a year.
  • Company equipment and a dedicated budget for training and development.
  • Access to Google Cloud Skills Boost platform and other learning resources.
Employment details
  • Seniority level: Mid‑Senior
  • Employment type: Contract
  • Job function: Information Technology
  • Industries: IT Services and IT Consulting
Apply now

Your application will be reviewed promptly. If you’re ready to lead the security and compliance function for a global, cloud‑focused organization, submit your application today.
