Job offer

Cybersecurity Policies Expert (external)

About Sybilla Technologies

Sybilla Technologies designs, builds, and operates robotic optical observatories for monitoring objects in space. We specialize in end-to-end systems and software for automated data acquisition, analysis, and scheduling across networks of sensors.  

Our work spans Space Situational Awareness, Space Surveillance & Tracking, Space Traffic Management, as well as stellar and planetary research, education, and commercial on-demand observations. By combining cutting-edge technology with advanced software, we enable faster, smarter, and more reliable insights from space.   

We are looking for a Cybersecurity & Risk Expert (external) to design and implement a pragmatic, scalable Information Security Management System (ISMS).

The role combines compliance with ISO 27001, NIS2, GDPR, and a practical, risk‑driven approach to security. We seek someone who understands both formal requirements and real‑world attack scenarios, and can translate that knowledge into effective policies, processes, and employee behavior. 

The goal is to deliver clear, actionable frameworks and a security baseline the organization can realistically maintain after the engagement, while identifying risks and challenging existing assumptions. 

Your responsibilities:

  • Assess the organization’s current information security posture, including governance, processes, and selected technical controls.
  • Design and implement a scalable ISMS aligned with ISO 27001 and adapted to the company’s size and risk profile. 
  • Evaluate security risks from an attacker’s perspective, including threat modeling, key vulnerabilities, and attack paths. 
  • Identify high‑impact attack scenarios and translate them into clear, prioritized mitigation actions. 
  • Establish and maintain a risk register with defined prioritization (likelihood/impact), ownership, and mitigation plans, including incident and access management processes. 
  • Review system architecture and key platforms from a high‑level, non‑operational security perspective. 
  • Prepare the organization for certification and external audits (ISO 27001, client, and regulatory requirements). 
  • Deliver security awareness training to employees (target: >90% completion). 
  • Present a final report and security roadmap to the Management Board. 
  • Advise on whether and when to appoint a Data Protection Officer (DPO/IOD). 
  • Define a minimum viable security baseline that clearly describes “what good looks like”. 

Requirements:

  • 10+ years of experience in information security, with proven project‑based achievements.
  • Experience in offensive security, penetration testing, or red teaming is a strong advantage.
  • Ability to think like an attacker and translate technical risk into business impact.
  • Hands‑on experience implementing ISO 27001 and preparing organizations for audits.
  • Solid understanding of GDPR and NIS2 requirements.
  • Knowledge of risk management tools and environments (e.g. SIEM, PAM, MDM, ERP/CRM integrations).
  • Strong advisory and documentation skills.
  • Relevant certifications (e.g. CISSP, CISM, ISO 27001 Lead Auditor) are a plus.
  • Ability to deliver independently in a freelance or consulting capacity.
  • Experience working with scale‑ups or mid‑size technology companies.

What we offer:

  • Contract: B2B / freelance, project-based (approx. 6 months).
  • Payment: 150-230 h on invoice.
  • Fully remote collaboration, with occasional travel to headquarters in Bydgoszcz if required.
  • Compensation aligned with senior expert and freelance market rates.