- Location
- Warsaw Office, Poland
- Workplace
- Remote, Onsite
- Type
- Full-time
- Department
- Administration
- Seniority
- Senior
- Source
- Workday
Description
Who We Are:
At Northland, we’re enablers of change, united by our journey to transform the energy sector into the foundation for a sustainable future.
Since our inception, we’ve been early movers in the energy industry, adopting new initiatives that pave the way for communities across the globe and helping forge their path towards a carbon-neutral landscape.
We’re a different kind of independent power producer. As developers, owners and operators who are at the forefront of the energy transition, we’re uniquely positioned to leave a lasting impact in the regions where we operate. We’ve expanded our business across Canada, the United States, Latin America, Europe and Asia to become a global leader, all by bringing together industry experts to find solutions with an entrepreneurial mindset.
While our work powers communities across the globe, Northland is powered by our people.
Reporting to the Head of IT/OT Security & Compliance, the Information Security Officer & Senior Security Analyst, GRC, is responsible for information security governance, risk management, and compliance across IT and OT environments, with a primary focus on the EU NIS2 Directive and Poland’s National Cybersecurity System Act (KSC Act).As the local information security authority and regulatory liaison for Poland, this role ensures compliance with local legal and regulatory requirements while aligning them with the organization’s global information security framework. The position serves as a trusted advisor to business leaders, maintains an auditable information security compliance posture, and supports the organization’s obligations as an essential or important entity under applicable critical infrastructure protection legislation.
The role is also a member of the global IT/OT Governance, Risk, and Compliance (GRC) team, contributing to the broader enterprise security program.
This position will be based in our Warsaw office. Additionally, this role will be 4 days in office per week, with one flexible day available for employees to work from home.
Key Responsibilities
- Lead the implementation and ongoing management of critical infrastructure and information security compliance programs, including NIS2 and the Polish KSC Act.
- Maintain and continuously improve the Information Security Management System (ISMS), ensuring compliance with regulatory, corporate, and industry standards (e.g., ISO 27001).
- Serve as the primary liaison with regulators and critical infrastructure protection authorities, ensuring timely incident reporting, audit readiness, and regulatory compliance.
- Identify, assess, and manage cyber and information security risks across IT and OT environments, including oversight of the enterprise cyber risk register and risk treatment activities.
- Develop and maintain cybersecurity policies, standards, and governance frameworks, ensuring alignment between local regulatory requirements and global security practices.
- Oversee compliance monitoring, internal and external audits, incident management, and the implementation of corrective actions.
- Provide cybersecurity advisory support to business leaders and operational teams, embedding security requirements into business operations, projects, and strategic initiatives.
- Manage third-party cybersecurity risk, including vendor assessments, due diligence, and ongoing oversight of critical service providers.
- Deliver cybersecurity awareness and regulatory training programs and promote a strong security culture across the organization.
- Drive continuous improvement of governance, risk, compliance, and security control effectiveness through metrics, reporting, and maturity assessments.
Who You Are:
- Methodical and organized: You naturally work in a methodical way and relish the opportunity to add structure and order to your work. This will help with the competing priorities you will be managing.
- Collaborative: You build relationships and enjoy working as a team player to get things done.
- Independent: You are an independent thinker and naturally set your own timescales and milestones to ensure you meet your objectives. You know when you need to ask for help and are comfortable doing so.
- Eager and adaptable: You are eager to learn and expand your skillset, and comfortable adapting to changing priorities in a fast-paced and deadline-driven environment.
- A strong communicator: You have exceptional oral and written communication skills.
Qualifications and Experience
- Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field.
- 5+ years of cybersecurity experience with a focus on governance, risk, and compliance (GRC).
- Experience implementing and managing NIS2, the Polish KSC Act, ISO 27001, or similar regulatory and security frameworks.
- Professional certifications such as CISSP, CISM, CRISC, and/or ISO 27001 Lead Implementer/Auditor are preferred.
- Strong understanding of cyber risk management frameworks (e.g., NIST CSF, ISO 27005), IT/OT security controls, and regulatory compliance requirements.
- Experience supporting critical infrastructure, energy, industrial, or OT/ICS environments is preferred.
- Proven audit, risk assessment, stakeholder management, and cybersecurity advisory experience.
- Strong communication, presentation, and relationship management skills, with the ability to translate regulatory requirements into practical business controls.
- Fluency in Polish and English.
- Self-motivated, collaborative, hands-on professional with strong judgment, prioritization skills, and a passion for cybersecurity and critical infrastructure protection.
What’s In It for You:
Our employees are the driving force behind our achievements. We are unwavering in our commitment to not only recognise your contributions but also to empower you to excel in every aspect of your life. Here's a glimpse of why Northland is the place where you'll truly thrive:
Thoughtful benefits –A pension plan and health insurance are just a couple of the benefits you’ll have access to.
Wellbeing first – Staying true to our taking care of ourselves and each other value, you will have access to our global Wellness Program.
Birthdays off – You will get your birthday off work so you can celebrate however you choose. This is a paid day off to do what is important to you!
We hire talented and passionate people from different backgrounds. If you’re excited about a role but your past experience doesn’t align perfectly with this job description, we still encourage you to apply. Learn more about our diversity, inclusion and belonging commitments.
#LI-SM1
#LI-HYBRID
This document is a guide. The duties, responsibilities, and requirements of the jobs as described herein are not inclusive and are subject to change.
Northland Power is an equal opportunity employer and we are committed to creating a fair, inclusive and accessible environment. As part of our commitment we work to ensure our application process is accessible to all candidates. If you require special assistance or accommodation during the hiring process, please notify a member of the HR Department.
We use AI‑enabled tools to help identify applications that meet job‑related criteria. All applications are reviewed and decisions are made by people.