Information Security Governance Lead

Level

Middle

Department

Other IT Positions

Type

Full Time

Project

bolttech

Locations:

Warsaw

Remote

Job Details

Posted on:

September 26, 2025

Job ID:

About the Company

Established in 2004, ALLSTARSIT was founded with a clear vision: to enhance the landscape of global IT employment by bridging the gap between companies and skilled professionals. The core belief was that assembling a team shouldn't be hindered by geographical constraints. Fast forward to the present day, ALLSTARSIT stands as an international outstaffing service provider committed to change the way businesses recruit, compensate, and oversee top talent worldwide.

With operational hubs scattered across Europe, Asia, and LATAM, and its headquarters situated in San Francisco, US, the company boasts a workforce of over 1,000 adept professionals. Spanning across more than 20 countries, ALLSTARSIT offers a diverse range of skilled employees across various verticals, including AI, cybersecurity, healthcare, fintech, telecom, media, and so on.

About the Project

bolttech is an international insurtech with a mission to build the world’s leading, technology-enabled ecosystem for protection and insurance. With a full suite of digital and data-driven capabilities, bolttech powers connections between insurers, distributors, and customers to make it easier and more efficient to buy and sell insurance and protection products. A part of Pacific Century Group, bolttech serves customers in multiple markets across North America, Asia and Europe.‍

In this position you will…

Spearhead the development, implementation, and maintenance of the organization's information security governance framework, ensuring that policies, procedures, and standards align with regulatory requirements and best practices. You will collaborate closely with various departments, providing leadership and guidance on security-related matters, and ensuring that the organization's security posture is both robust and compliant.

Specialization

Headquarters

Years on the market

Team size and structure

Current technology stack

Required skills:

Bachelor's degree in Information Security, Computer Science, or a related field. Advanced degrees or certifications (e.g., CISSP, CISM, CGEIT) are a plus.
Minimum of 3 years of experience in information security, with a focus on governance, risk, and compliance.
Strong understanding of information security principles, frameworks (e.g., ISO 27001, NIST), and regulatory requirements.
Excellent communication skills, both written and verbal, with the ability to present complex security topics to a varied audience.
Demonstrated ability to build and maintain relationships with stakeholders at all levels of the organization.

Scope of work:

Governance Framework Development: Design and maintain a comprehensive information security governance framework that aligns with the organization's objectives and regulatory landscape.
Policy and Procedure Management: Develop, review, and update information security policies, procedures, and standards. Ensure that they are communicated and understood across the organization.
Regulatory Compliance: Stay abreast of local, national, and international regulatory requirements related to information security. Ensure that the organization remains compliant and is prepared for any audits or assessments.
Stakeholder Collaboration: Work closely with various departments, including IT, People and Legal, to ensure that security considerations are integrated into all organizational processes.
Training and Awareness: Develop and implement security awareness programs to ensure that all employees are educated about security policies and best practices.
Performance Metrics: Establish and monitor key performance indicators (KPIs) to measure the effectiveness of the security governance program.
Continuous Improvement: Regularly review and refine the governance framework to ensure its relevance and effectiveness in the face of evolving threats and business needs.
Vendor Management: Ensure that third-party vendors comply with the organization's security requirements and standards.
Customer Management: Work with business stakeholders to manage and respond to security assessments.

Key competencies:

Analytical Skills: Proficiency in analyzing complex security data, identifying trends, and translating findings into actionable insights and recommendations.
Stakeholder Engagement: Demonstrated ability to engage, influence, and collaborate with stakeholders from various departments, ensuring that security considerations are integrated into all organizational processes.
Regulatory Knowledge: Deep understanding of local, national, and international regulatory requirements related to information security, and the ability to translate these into organizational policies and practices.
Communication Proficiency: Exceptional communication skills, both written and verbal, with the capability to articulate complex security topics in a clear and concise manner to a diverse audience.
Continuous Learning: Commitment to staying updated with the latest developments in the field of information security, governance frameworks, and emerging threats.
Problem-Solving: Strong problem-solving skills with the ability to address security challenges proactively and implement effective solutions.
Project Management: Demonstrated ability to manage multiple projects simultaneously, ensuring timely completion and adherence to the highest standards of quality.
Risk Management: Proficiency in assessing and mitigating risks, ensuring that the organization's security posture is robust and resilient against threats.
Adaptability: Ability to adapt to a rapidly changing security landscape and pivot strategies and approaches as needed to address new challenges.