
Supplier Risk Specialist

Pandora A/S

Warszawa

Hybrid

PLN 120,000 - 180,000

Full time

Today

Job summary

A leading jewelry company in Warsaw is seeking a Supplier Risk Specialist to manage and assess information security risks related to third-party vendors. The role requires strong communication and negotiation skills along with a background in vendor risk management and information security. This position offers a hybrid work model and attractive benefits including discounts on products and comprehensive medical care.

Benefits

Stable employment
Attractive discounts on products
Flexible working hours
Professional training support
Premium medical care package
Life insurance
Sports membership
Cafeteria program benefits
Additional days off

Qualifications

  • 2+ years of experience in vendor risk management or information security.
  • Professional proficiency in English and Polish.
  • Certifications such as CISSP, CISM, CRISC, or CTPRP are a plus.

Responsibilities

  • Conduct information security risk assessments of third-party vendors.
  • Provide recommendations on vendor selection based on risk analysis.
  • Continuously monitor vendor security posture and risk levels.

Skills

Excellent communication
Stakeholder management
Detail-oriented
Negotiation skills
Knowledge of cyber security frameworks
Experience with vendor risk management tools

Education

Bachelor's degree in cyber security, information technology, risk management

Tools

BitSight
OneTrust
CyberVadis
CyberGRX

Job description

Overview

PANDORA’s Digital & Technology Hub in Warsaw is a key part of the world’s largest jewelry brand, supporting millions of people in expressing their emotions through meaningful jewelry. As one of our fast-growing global locations, Warsaw Hub plays a vital role in driving digital innovation, delivering scalable technology solutions and supporting our global transformation journey. Our teams work closely with colleagues across the globe, including our headquarters in Copenhagen, to shape the future of digital in retail and e-commerce. We’re proud of our inclusive, people-first culture, guided by our values: We Care, We Dream, We Dare, We Deliver.

We are seeking a person with some experience in data protection and cyber security.

As our new Supplier Risk Specialist, you will be responsible for assessing, monitoring and managing the information security risks associated with third-party vendors of Pandora. The role is to ensure that vendors comply with Pandora’s information security policies, industry regulations and best practices.

Responsibilities
  • Conducting information security risk assessments of third-party vendors, identifying potential threats, vulnerabilities, control and compliance gaps.
  • Providing recommendations on vendor selection based on risk analysis and security posture.
  • Continuously monitoring vendor security posture and risk levels through periodic reassessments and audits.
  • Maintaining detailed records of vendor assessments and ensuring audit readiness.
  • Educating vendors on security best practices and required improvements as part of the risk mitigation efforts.
  • Tracking, analyzing and reporting on vendor security risks, trends and remediation efforts.
  • Developing and enhancing the Vendor Risk Management (VRM) methodologies, processes and tools.
  • Staying up to date with emerging security threats, vulnerabilities and regulatory changes that may impact the VRM process.

Qualifications
  • An excellent communicator with strong negotiation and stakeholder management skills, ideally ranging from working with internal stakeholders to managing vendor relationships. You have an organized and detail-oriented approach to your work.
  • 2+ years of experience within vendor risk management, information security, or a related area
  • Bachelor's degree in cyber security, information technology, risk management, or a related field
  • Professional English and Polish proficiency, both verbal and written
  • Knowledge of cyber security frameworks, risk assessment methodologies and/or regulatory requirements would be beneficial
  • Experience with vendor risk management tools (e.g. BitSight, OneTrust, CyberVadis, CyberGRX) would be a plus
  • Certifications such as CISSP (ISC2), CISM (ISACA), CRISC (ISACA) or CTPRP (Certified Third-Party Risk Professional) would be a plus

Our Offer
  • Stable employment on the basis of an employment contract with a basic salary and an achievable annual bonus
  • Hybrid work model (our office is located at Domaniewska 28, with free employee parking available upon prior reservation)
  • Attractive discounts on Pandora products
  • Flexible working hours (start 7am-10am, finish 3pm-6pm)
  • Support for professional competence development (including knowledge sharing, professional training)
  • PREMIUM package of MEDICOVER medical care with dental care
  • Generali Life Insurance
  • Sports membership card
  • Benefits available in cafeteria program on the MyBenefit platform
  • Additional days off e.g. for birthdays, health check