Work with HelloFresh in Warsaw and its HelloTech organisation, HelloFresh’s global technology backbone with more than 1000 people, building the digital products that power our end-to-end food experience. From meal kits and ready-to-eat meals to specialty offerings like pet food and premium meat & seafood, HelloTech creates the platforms that bring tailored food solutions to millions of customers every month.

Our subscription-based, direct-to-consumer model relies on technology at every step, from customer-facing apps and personalization logic to pricing, forecasting, supply chain optimization, and initiatives that help reduce food waste. While our brands operate independently to serve distinct customer needs, they are united by shared platforms, data, and operational excellence built by HelloTech.

HelloTech works in autonomous, cross-functional alliances, each owning a specific product or domain end to end. By working with our Warsaw office, you will help shape scalable, data-driven products used across our markets, working with a modern tech stack and international teams to continuously improve how people discover, order, and enjoy HelloFresh’s products, today and in the future.

About the role: What's in the Box

The service provider will contribute to the Governance, Risk & Compliance (GRC) function within HelloTech, focusing on the implementation and maintenance of information security compliance and certification programs. This engagement involves providing specialized services to ensure alignment between technical systems and global regulatory frameworks, supporting data protection initiatives, and managing third-party vendor risk assessments to safeguard the HelloFresh ecosystem.

What you’ll do: The Recipe

• Lead end-to-end compliance readiness for NIS2 and provide alignment services across key frameworks including PCI DSS, CSRD, ISO/SOC, and the EU AI Act.

• Plan and execute internal control assessments and coordinate external compliance audits on a defined cadence.

• Translate regulatory requirements into practical controls and drive cross-functional implementation across international technical units.

• Manage remediation processes by tracking findings, evidence, and deadlines, providing regular status reports to primary stakeholders.

• Enhance GRC maturity through continuous monitoring, comprehensive documentation, and technical guidance for other contributors.

• Evaluate and validate the design and operational effectiveness of security policies, standards, and internal controls to mitigate compliance risk.

• Develop accurate technical reports and presentations regarding the compliance landscape for executive and technical stakeholders.

What you’ll bring: The Ingredients

• 3+ years of experience delivering compliance services in a corporate environment focused on IT General Controls (ITGC), SOC 2, ISO 27001, PCI DSS, and EU NIS2.

• Profound knowledge of data privacy directives including GDPR and CCPA/CPRA.

• Proven ability to interpret complex compliance regulations and map them to specific system implementations and security frameworks.

• Experience supporting third-party risk management programs and data privacy operations.

• Expertise in developing and executing security awareness initiatives and technical training modules.

• Strong organizational skills with the ability to provide services independently in a high-growth environment.

• Prior experience providing services within SaaS environments, specifically involving Cloud and AWS infrastructure.

• Industry certifications such as CISA, CISM, or CISSP are highly regarded.

Above all, we are looking for individuals who will make HelloFresh better. We believe there are many different ways of developing skills and we love diverse experiences! So even if you don’t “tick all the boxes” but think you’d thrive in this role, we would really like to learn more about you.

What we offer: The Toppings

• Global collaboration at scale: Collaborate with experienced engineers and product partners across HelloTech’s international teams, in a culture of active knowledge sharing.
• Technology with real-world impact: Build and operate modern systems at global scale, supporting 6+ millions of customers and complex supply chain operations.
• Technical/Product/Design leadership: Drive best practices and influence architecture/design, quality, and ways of working in an autonomous, product-led setup.
• End-to-end development/delivery: Drive decisions from problem definition to production, improving systems and enabling long-term scalability.
• Access to workspace at Warsaw Centre Point. The hub offers modern facilities including showers, breakout zones, outdoor space, cycle parking, and refreshments (coffee, soft drinks, and fruit).

Are you the missing ingredient? If this sounds like a tasty opportunity, we’d be excited to hear from you.  We aim to review your profile and respond within 5 business days.

About Insight Assurance
Insight Assurance is a global audit firm on a mission to transform how organizations achieve cybersecurity and compliance. Founded by former Big 4 (EY) professionals, we deliver next-generation audit services across SOC 2, ISO 27001, PCI DSS (QSA), HITRUST, CMMC (C3PAO), and FedRAMP (3PAO) frameworks.

We’re not your traditional audit firm — we’re tech-enabled, leveraging compliance automation and advanced collaboration tools to make audits faster, smarter, and more impactful for our clients.

Recognized on the Inc. 5000 and Fast 50 lists, Insight Assurance is one of the fastest-growing global audit firms, with 170+ professionals supporting nearly 2,000 clients across the Americas, EMEA, and APAC.

POSITION SUMMARY

The ISO Analyst supports the audit and assurance teams in performing ISO 27001 certification assessments and related information security audits. Working under the supervision of an Auditor, Lead Auditor, or Manager, the ISO Analyst assists in audit planning, evidence review, report preparation, and overall quality assurance.

This role requires strong attention to detail, effective communication skills, and a foundational understanding of management systems and information security principles.

KEY RESPONSIBILITIES

General Audit Support

• Ensure that all internal processes are followed correctly and consistently.

• Assist in the creation of audit programs and plans for clients and upcoming audits.

• Support evidence classification, review, and sampling activities.

• Take detailed notes during audits and assist in preparing high-quality reports.

• Send recap and follow-up communications as required.

• Collect statistics and support KPI reporting.

• Communicate effectively with stakeholders at all organizational levels using professional language and terminology.

• Maintain ethics, fairness, and accuracy in all audit documentation and reporting.

• Protect confidentiality of personally identifiable information (PII) and intellectual property (IP) belonging to both the firm and clients.

• Demonstrate professionalism and responsibility in all interactions.

Administrative & Coordination Tasks

• Handle client ingestion and onboarding activities.

• Perform HubSpot data scrubbing and updates.

• Register new engagements in Asana and coordinate Insight ONE transfers (in or out).

• Create SharePoint folders and upload Evidence Lists (EL).

• Follow up on CUP (Client Upload Portal) submissions.

Audit Planning Support (in collaboration with the ISO Manager)

• Follow up on CUP status and pending uploads.

• Send planning call recaps and assist with scheduling.

• Communicate auditor assignments and update Asana tasks.

• Collect and report metrics on Turnaround Time (TAT) for audit plan delivery.

Audit Execution Support (in collaboration with ISO Auditors)

• Ensure auditors have access to necessary GRC platforms and client systems.

Audit Reporting & Quality Assurance (in collaboration with ISO Manager)

• Collect metrics on TAT for archive submissions.

• Register findings in the Universal Registry of Findings.

• Complete archive QA forms and support non-technical QA reviews, including:

  • Audit Report

  • Audit Plan

  • Audit Program

  • Registry of Findings

Certificate & Registry Management

• Handle certificate registration in the appropriate database.

• Maintain IAF CertSearch registrations and updates.

Knowledge Requirements
• Organizational structures, governance, and workplace practices.
• Information and data systems, documentation systems, and IT fundamentals.
• Audit principles, practices, and techniques in accordance with ISO standards.
• Management system standards and normative documents required for certification.
• Certification Body (CB) processes and procedures.
• Industry terminology, practices, and expectations relevant to the client’s business sector.
• Common products, processes, and operations across industries to understand client context.
• Application of management system requirements to various organizational types.
• ISMS-specific documentation structures and interrelationships.
• Information security management tools, methods, and techniques.
• Information security risk assessment and risk management principles.
• ISMS processes and current information security technologies.
• ISO/IEC 27001 requirements and implementation principles.
• ISO/IEC 27002 controls (and sector-specific standards if applicable), including:
• Information security policies
• Organization of information security
• Human resource security
• Asset management
• Access control and authorization
• Cryptography
• Physical and environmental security
• Operations and IT service security
• Communications and network security
• System acquisition, development, and maintenance
• Supplier relationships and outsourced services
• Information security incident management
• Business continuity and redundancy planning
• Compliance and information security reviews
• Legal and regulatory requirements in information security by geography and jurisdiction.
• Information security risks and technologies relevant to the client’s industry.
• The impact of organization size, structure, and governance on ISMS implementation.
• Legal and regulatory requirements applicable to products or services.

Key Competencies
• Attention to detail and analytical thinking
• Written and verbal communication
• Integrity, confidentiality, and professionalism
• Understanding of ISO/IEC 27001 and 27002 standards
• Organizational and time management skills
• Team collaboration and adaptability
• Continuous learning and improvement mindset

What We Offer
• Opportunity to work with global experts in cybersecurity and ISO assurance.
• Exposure to top-tier clients and diverse industries.
• Professional development and certification support.
• Collaborative and remote-friendly work environment.
• Competitive compensation and growth opportunities.

 Privacy Notice CCPA: 

• Insight Assurance shares your personal data/information with Greenhouse recruiting because this is the tool we use for the recruitment process.
• Insight Assurance does not sell personal data/information under any circumstances.
• You may exercise your rights under personal data protection legislation by reaching out to us via: HR@insightassurance.com or submit a request via mail at 400 N Tampa St. 15th Floor Suite 122, Tampa, FL 33602

Privacy Notice GDPR:

This notice informs you about the categories of Personal Data/ Information and the Purpose and Scope of Processing Activities to be undertaken by Insight Assurance (we, us, our), under its job application and recruitment process.

We resort to Greenhouse.com as the platform that supports our recruitment process, and therefore your Personal Data/ Information will be Processed on this tool (hosted, shared with, cross-referenced, accessed by our team); we have in place contractual terms and the commitment of Greenhouse.com that ensures the Security and Confidentiality plus Purpose limitation with regards to the Processing of your Personal Data.

When you reply to one of your job postings, you voluntarily and freely submit your Personal Data to us; this, allied with the fact that the Processing by us (and over Greenhouse.com) of that Personal Data has the sole Purpose of validating your application and proceeding with the inherent scrutiny and decision, allows us to argue having Legitimate Interest as the applicable Legal Basis to undertake the Processing of your Personal Data under this scope.

We are a U.S. based company, hence some or all Personal Data pertaining to you will be hosted in the U.S.

The categories of Personal Data under Processing consist of:

• Identification
• Contact
• Education and Professional
• Interview performance
• Evaluation

You may exercise several Rights as determined under applicable Personal Data Protection legislation, in short:

• Right of Access – meaning getting information about the Personal Data under Processing by us, except for the information you already know;
• Right of Erasure – you may ask for us to erase all Personal Data pertaining to you under Processing; this may imply you being excluded from the recruitment process, for without information we cannot proceed with it;
• Right of Opposition or Restriction of Processing – you may ask us to stop some Processing or restrict the Processing of some Personal Data, this may imply you being excluded from the recruitment process, at our sole discretion also for without information we cannot proceed with it;
• Rectification – you can rectify your Personal Data at anytime 

CAPCO POLAND

Capco Poland is a global technology and management consultancy specializing in driving digital transformation across the financial services industry. We are passionate about helping our clients succeed in an ever-changing industry.

We are also:

• Experts in banking and payments, capital markets and wealth and asset management
• Committed to growing our business and hiring the best talent to help us get there
• Focused on maintaining our nimble, agile and entrepreneurial culture

About the Role:

This is not a typical junior PM role, and it is not a typical BA role. We are looking for someone who genuinely operates across both — someone who can go deep on cybersecurity requirements in the morning and present a data-backed product recommendation to senior stakeholders in the afternoon.
You will own the translation layer between compliance and product: taking technical security concepts and turning them into crisp requirements, user stories, and insights that drive real roadmap decisions. You will be embedded across our B2B SaaS and B2C consumer product lines, and you need to be comfortable with the distinct dynamics each brings.

Key Responsibilities:

•Act as the connective tissue between technical cybersecurity requirements and product delivery — owning documentation, requirements, and stakeholder alignment end-to-end.
•Analyze data across both SaaS and consumer product lines to surface insights, identify gaps, and make prioritization recommendations with confidence.
•Translate compliance frameworks (NIST, SOC 2, ISO 27001) directly into product requirements and acceptance criteria — without needing it filtered through a security team first.
•Run stakeholder interviews, workshops, and review sessions independently; communicate findings fluently to both technical and executive audiences.
•Maintain and continuously improve the product backlog; write user stories and functional specs that engineering can act on without back-and-forth.
•Build and own KPI dashboards and product performance reporting used by senior leadership.
•Create wireframes and process flows to communicate product requirements visually using diagramming tools such as Lucidchart or equivalent.
•Support internationalization initiatives including coordination of translation workflows, localization compliance, and regional regulatory requirements.
•Support sprint planning and serve as a reliable bridge between business needs and engineering execution.

Required Qualifications:

•1–3 years of experience in a hybrid PM and BA capacity — candidates from purely one track or the other will not be considered.
•Experience across both B2B SaaS and B2C consumer products; you understand how user needs, data models, and stakeholder dynamics differ between the two.
•Deep, hands-on cybersecurity knowledge is required; you should be able to interpret a compliance requirement and write a product spec from it without support.
•Strong data and analytics skills; experience building dashboards or reports that inform product decisions, not just track output.
•Proven ability to communicate complex technical topics clearly to non-technical stakeholders — this is a core function of the role, not a nice-to-have.
•Internationalization experience is required, including hands-on involvement with translation workflows, and localization compliance; experience with translation management platforms such as Smartling is strongly preferred.
•Experience with consent management platforms (CMPs) and the ability to translate privacy and consent requirements into product specifications.
•Experience with subscription billing platforms such as Stripe or Chargebee, including familiarity with billing logic and how billing requirements surface in product design.
•Proficiency with diagramming and wireframing tools such as Lucidchart or equivalent.
•Familiarity with NIST, SOC 2, or ISO 27001 and the ability to apply them in a product context.
•Fluency in Agile/Scrum; experience with Azure DevOps or equivalent tools.
•Strong written and spoken English proficiency is required; this role involves daily communication with US-based stakeholders via Slack, Azure DevOps, and video calls.

We offer a flexible collaboration model based on a B2B contract, with the opportunity to work on diverse projects.

ONLINE RECRUITMENT PROCESS STEPS

• Screening call with the Recruiter
• Competencies interview with Capco Hiring Manager
• Client’s interview
• Feedback/Offer

Follow us here    or contact us directly recruiting.poland@capco.com 

We are looking for a talented Security Operations Center Analyst to join our Information Security team. 

❗️ Important – On-Site Role❗️

This is an on-site position for our office in Warsaw, Poland.

Remote or hybrid arrangements are NOT available. Candidates must already be in the location or be willing to relocate. The relocation support will be provided if needed.

✅ Key Responsibilities

🔍 Monitoring and Analysis

• Monitor security alerts and events using SIEM, IDS/IPS, firewalls, and other tools.

• Perform initial triage and analysis of security events to detect potential threats and vulnerabilities.

• Investigate network traffic and system logs to identify suspicious or malicious activity.

🚨 Incident Response

• Respond to and manage security incidents in a timely and effective manner.

• Escalate incidents when necessary and coordinate response activities across teams.

• Document all findings, steps taken, and outcomes clearly.

🧾 Reporting & Continuous Improvement

• Maintain detailed records of all security incidents and response actions.

• Create and contribute to incident reports and SOC documentation.

• Participate in post-incident reviews and help improve SOC procedures and playbooks.

✅ Requirements

• 2 years of experience in security operations, incident response, or threat monitoring.

• Strong knowledge of cybersecurity principles, threat vectors, and defense techniques.

• Experience with SIEM tools (e.g., Splunk, Sentinel, QRadar, ELK).

• Familiarity with IDS/IPS, EDR, firewalls, and email/web security solutions.

• Cloud security knowledge (AWS and Azure preferred).

• Understanding of web protocols and application-layer attacks.

• Experience in security investigation and threat hunting.

• Familiarity with MITRE ATT&CK, Cyber Kill Chain, etc.

• Strong communication skills and attention to detail.

✅ Nice to Have

• Bachelor’s degree in Computer Science, Cybersecurity, or related field.

• Knowledge of compliance frameworks such as ISO27001, ISO27701, PCI DSS, GDPR, etc.

✅ What We Offer

💻 Learning and development opportunities and interesting, challenging tasks

✈️ Relocation package (tickets, staying in a hotel for up to 2 weeks, and visa relocation support for our employees and their family members)

📚 Opportunity to develop language skills, with partial compensation for the cost of English/Spanish language classes (for localization purposes)

🏥 Private medical coverage

🏝 Time for proper rest, with 20 non-business days per year and an additional 6 paid sick days

📈 Competitive remuneration level with annual review

🤝 Team building activities

CAPCO POLAND 

*We are looking for Poland based candidate. 

At Capco Poland, we’re not just another consultancy - we’re the spark behind digital transformation in the financial world. As a global leader in technology and management consulting, we thrive on helping clients tackle the toughest challenges across banking, payments, capital markets, wealth, and asset management.

ROLE OVERVIEW:

This is not a typical junior PM role, and it is not a typical BA role. We are looking for someone who genuinely operates across both — someone who can go deep on cybersecurity requirements in the morning and present a data-backed product recommendation to senior stakeholders in the afternoon.
You will own the translation layer between compliance and product: taking technical security concepts and turning them into crisp requirements, user stories, and insights that drive real roadmap decisions. You will be embedded across our B2B SaaS and B2C consumer product lines, and you need to be comfortable with the distinct dynamics each brings.

RESPONSIBILITIES:

• Act as the connective tissue between technical cybersecurity requirements and product delivery — owning documentation, requirements, and stakeholder alignment end-to-end.
  •Analyze data across both SaaS and consumer product lines to surface insights, identify gaps, and make prioritization recommendations with confidence.
  •Translate compliance frameworks (NIST, SOC 2, ISO 27001) directly into product requirements and acceptance criteria — without needing it filtered through a security team first.
  •Run stakeholder interviews, workshops, and review sessions independently; communicate findings fluently to both technical and executive audiences.
  •Maintain and continuously improve the product backlog; write user stories and functional specs that engineering can act on without back-and-forth.
  •Build and own KPI dashboards and product performance reporting used by senior leadership.
  •Create wireframes and process flows to communicate product requirements visually using diagramming tools such as Lucidchart or equivalent.
  •Support internationalization initiatives including coordination of translation workflows, localization compliance, and regional regulatory requirements.
  •Support sprint planning and serve as a reliable bridge between business needs and engineering execution.

REQUIREMENTS:

• 1–3 years of experience in a hybrid PM and BA capacity — candidates from purely one track or the other will not be considered.
  •Experience across both B2B SaaS and B2C consumer products; you understand how user needs, data models, and stakeholder dynamics differ between the two.
  •Deep, hands-on cybersecurity knowledge is required; you should be able to interpret a compliance requirement and write a product spec from it without support.
  •Strong data and analytics skills; experience building dashboards or reports that inform product decisions, not just track output.
  •Proven ability to communicate complex technical topics clearly to non-technical stakeholders — this is a core function of the role, not a nice-to-have.
  •Internationalization experience is required, including hands-on involvement with translation workflows, and localization compliance; experience with translation management platforms such as Smartling is strongly preferred.
  •Experience with consent management platforms (CMPs) and the ability to translate privacy and consent requirements into product specifications.
  •Experience with subscription billing platforms such as Stripe or Chargebee, including familiarity with billing logic and how billing requirements surface in product design.
  •Proficiency with diagramming and wireframing tools such as Lucidchart or equivalent.
  •Familiarity with NIST, SOC 2, or ISO 27001 and the ability to apply them in a product context.
  •Fluency in Agile/Scrum; experience with Azure DevOps or equivalent tools.
  •Strong written and spoken English proficiency is required; this role involves daily communication with US-based stakeholders via Slack, Azure DevOps, and video calls.

We offer a flexible collaboration model based on a B2B contract, with the opportunity to work on diverse projects.

Recruitment Process:

1. HR Interview with the recruiter
2. Technical Interview
3. Client Interview 
4. Feedback and offer

We are looking for a Senior Security Compliance Analyst to enhance our security team. This role will monitor, manage, and close existing compliance issues while analyzing internal systems for compliance with security standards. Toward this end, they will work with IT support staff who perform vulnerability assessments and develop mitigation strategies to ensure compliance with current procedures and policies across the organization. 

Typical Duties and Responsibilities

• Analyze technical controls to ensure that security and compliance requirements are met
• Verify documented processes, procedures, and standards to validate maintenance of secure configurations
• Track enterprise compliance across multiple security frameworks and maintain records of requirements and mitigating controls
• Oversee the development, documentation and maintenance of the control framework
• Evaluate organization information systems, management procedures, and security controls
• Develop performance metrics to track compliance
• Perform internal risk assessments
• Develop security and privacy awareness training
• Manage IT and Information Security projects to ensure that risk issues and security policy are addressed throughout the project life cycle
• Serve as a liaison between external auditors and internal support teams
• Manage security compliance certification assessments and audits (PCI, SOC 2, HIPAA, HITRUST, ISO 27001) 

Ability to:

• Effectively communicate technical issues to diverse audiences, both in writing and verbally;
• Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process;
• Evaluate and update and/or revise program materials;
• Learn quickly and apply knowledge to new situations;
• Handle sensitive and confidential matters, situations, and data;
• Understand and follow broad and complex instructions;
• Interact positively with staff, the Board, the public, and regulatory agencies in order to enhance effectiveness and to promote quality service;
• Comprehend technical language and to confer, analyze and write in an objective, lucid manner;
• Work independently and prioritize multiple tasks and adapt to needed changes;
• Remain calm under high pressure/difficult situations.

Education

• Bachelor’s degree in computer science, business, or a related field

Required Skills and Experience

• 5+ years of experience conducting security control assessments or audits
• 2+ years of experience developing or managing a security awareness program
• Knowledge of information security standards and information privacy laws
• Knowledge of core security controls and systems such as risk analysis quantification and points of escalation
• Knowledge of IT security regulations and standards, such as ISO and Sarbanes-Oxley
• Knowledge of cloud technologies and IaaS, PaaS, and SaaS platforms
• Demonstrated ability to implement new policies and programs
• Strong written and verbal communication skills
• Strong analytical and critical thinking skills

Preferred Qualifications

• Professional certification, such as CISA, CISM, CRISC, CISSP, or ISAAP

#LI-WW1