
Cybersecurity & Compliance Manager

Less than 2 weeks

Brightpick s. r. o.

Plynárenská 4937/6, Ružinov, Slovakia



Salary

from 3 500 € gross

and more based on experience

Employment type

Full-time

Education

Second-cycle university degree

Languages

English (Advanced), Slovak (Excellent)

Categories

Management, Information Technology, IT manager, Security service manager, Risk manager, IT project manager, IT security specialist


About the position

Job description, authority and responsibilities:

About this role

Brightpick is building the next generation of warehouse automation. Our AI-driven robotic systems help companies streamline e-commerce fulfillment faster and more cost-effectively. We’re growing quickly and looking for a hands-on cybersecurity professional to help us raise the bar on security and compliance as we scale.

You will lead the implementation of Brightpick’s cybersecurity and compliance strategy across software development, delivery, and IT. Reporting to the Director of Software Engineering and working closely with the Director of IT and the Senior Management Board, you will be instrumental in shaping a secure-by-design culture as we pursue ISO/IEC 27001 certification and align with EU and U.S. cybersecurity regulations, including the Cyber Resilience Act (CRA) and NIS2 Directive (and its transpositions).

You will be involved from the early stages of the project processing pipeline and are expected to communicate proactively with customer IT security departments and other external stakeholders to align on security expectations and requirements.

Location

Hybrid (minimum 3 days/week in-office, Bratislava, Slovakia)

Type of employment

Full-time

Salary (gross)

From 3500 EUR/month

Core responsibilities:

  • Lead the implementation of cybersecurity and compliance practices across software development, delivery, and IT
  • Establish and lead a cybersecurity team
  • Define, implement, and maintain Brightpick’s cybersecurity strategy
  • Drive and coordinate ISO/IEC 27001 certification and related audits
  • Ensure compliance with GDPR, the EU Cyber Resilience Act (CRA), NIS2 Directive, and relevant U.S. frameworks (e.g., NIST CSF 2.0)
  • Schedule, oversee, and interpret penetration testing; translate findings into actionable security improvements
  • Synthesize regulatory, audit, and client requirements into concrete development and process goals
  • Establish and oversee vulnerability detection and risk rating processes, including integration into development and CI pipelines
  • Define and drive the implementation of a software update and patch management policy
  • Work closely with external cybersecurity service providers and consultants to enhance our security posture
  • Collaborate closely with the Legal department on compliance, regulatory alignment, and incident response preparedness
  • Proactively communicate with customer IT security departments and external stakeholders to ensure alignment with security requirements
  • Oversee employee security awareness training and cross-functional security initiatives
  • Collaborate with engineering on secure development practices, vulnerability scanning, and SBOM generation
  • Support the creation and ongoing improvement of the Business Continuity Plan and Disaster Recovery Plan
  • Manage third-party security assessments and client security requests
  • Oversee security practices and data protection policies in our cloud infrastructure (Google Cloud Platform)


Requirements:

  • Master’s degree in Information Technology, Cybersecurity, or a related field
  • Minimum of 4 years of experience in cybersecurity and compliance roles
  • Strong understanding of ISO/IEC 27001, GDPR, CRA, NIS2, and U.S. frameworks such as NIST CSF 2.0
  • Fluency in Slovak and English (written and spoken)
  • Proven leadership and team-building experience, including hiring and mentoring cybersecurity talent
  • Goal-driven mindset with the ability to translate high-level objectives into operational results
  • Experience with security operations, policies, risk management, and audits
  • Familiarity with tools like SIEM, MFA, password vaults, vulnerability scanners, and SBOM pipelines
  • Experience with Google Cloud Platform (GCP) or similar cloud environments
  • Relevant certifications (e.g., CISSP, CISM, ISO 27001 Lead Implementer) are a plus

Language Requirements:

  • Primary language: Slovak
  • English proficiency: C1 level

Benefits (eligible only for internal employees):

  • Daily breakfast in the office
  • Option of working from home/hybrid work (in case the position allows it)
  • Flexible work schedule (in case the position allows it)
  • Sick days
  • Parking for everyone, bike storage with showers and changing rooms on site at our HQ
  • Rooftop terrace with nice view of Bratislava
  • Dog friendly office
  • Multisport Card
  • Referral program

Additional benefits you can choose from after 1st year:

  • Multisport Card (with company contribution)
  • Contribution to a recreation stay
  • Year-round healthcare access at ProCare
  • Supplementary pension contribution (third pillar)
  • Brain boost - budget for professional development
  • Annual public transportation pass
  • E-Shop voucher to buy anything you might need
