Security Officer
At Goelett, we are an extraordinary mix of travel industry experts, product, and software engineers, developing a successful online booking tool for corporations and large organizations. Today, as a part of the sector leader S4BT Group, we support 500k+ business users making thousands of bookings a day.
We are seeking a Security Officer who can define and execute Goelett’s security and data protection strategy across the group and drive a security-first and privacy-first transformation in the way we operate. Following a ‘working backwards’ approach, the ideal candidate brings a risk-aware, customer-centric mindset, a strong track record of leading change, advising senior stakeholders, and building resilient, compliant, and high-performing organizations.
Work model: hybrid (3 days in the office + 2 days remote / weekly)
Your Responsibilities
Strategy, Governance & Leadership:
- Define and execute the group-wide information security and data protection strategy, aligned with business objectives and regulatory requirements.
- Establish and maintain a consistent security and privacy governance framework across all subsidiaries.
- Act as a trusted advisor to the Board and executive leadership on cyber risk, security investments, emerging threats, and data protection implications.
Security Operations & Risk Management:
- Oversee cyber defense operations, including incident response, threat intelligence, and security monitoring.
- Ensure robust and regularly tested business continuity and disaster recovery capabilities across the group.
- Lead security and privacy risk management activities, including risk assessments, DPIAs, penetration testing, and vulnerability remediation.
- Embed security-by-design and privacy-by-design principles into products, platforms, and technologies.
Compliance, Privacy & DPO Responsibilities:
- Own compliance with key international standards and regulations (ISO 27001, SOC2, PCI DSS, GDPR, NIS2, and related frameworks).
- Act as the Group Data Protection Officer (DPO), serving as the primary point of contact for supervisory authorities and data subjects.
- Oversee GDPR compliance, audits, and documentation (RoPA, retention policies, consent mechanisms, data processing agreements).
- Supervise handling of data subject rights and advise on lawful processing, cross-border data transfers, and sensitive data processing.
- Represent Goelett in engagements with regulators, auditors, and key clients, including security and privacy support for RFPs and due diligence processes.
People, Culture & Collaboration:
- Promote a strong security-first and privacy-first culture through awareness initiatives and training.
- Partner closely with Product, Engineering, Legal, HR, and Operations to ensure alignment between technical practices and regulatory obligations.
- Lead, mentor, and coordinate security and privacy teams across the group.
Your Skills and Experience
- 10+ years of experience in senior information security roles, including at least 5 years as a Security Officer, DPO, or equivalent role within a technology-driven or SaaS organization.
- Strong expertise in GDPR and global data protection regulations; prior experience as a formally appointed DPO is highly preferred.
- Deep knowledge of security frameworks, compliance standards, and regulatory requirements (ISO 27001, SOC2, PCI DSS, NIS2, etc.).
- Experience operating in international, multi-entity environments with distributed teams.
- Solid background in cloud security (AWS, Azure, Kubernetes, CI/CD) and data privacy engineering (encryption, DLP, key management, consent systems).
- Strong understanding of incident response, threat intelligence, DPIAs, and crisis management.
- Excellent communication skills with the ability to engage Board members, C-level stakeholders, regulators, and enterprise clients.
- Relevant certifications (e.g. CISSP, CISM, CISA, CCISO, CIPP/E, CIPM) are a strong advantage.
- Fluent English required; French or German is a plus.
What we offer
- A truly global perspective – develop your international mindset by collaborating daily with colleagues from diverse cultures and backgrounds across the world.
- Real impact – contribute to shaping the future of one of the most user-centric companies in the travel-tech industry. Your ideas and solutions will reach thousands of users globally.
- Hybrid work model – enjoy the flexibility of working 3 days from our office and 2 days remotely. Our office is located at Al. Jerozolimskie 180, Warsaw (Włochy).
- Medical care – because your well-being matters.
- Multisport card – keep your body as active as your mind.
- Extra days off – celebrate your day with a paid day off for your birthday, and another to give back through volunteering.
- Language courses – grow your communication skills and connect effortlessly in our multicultural environment.
- Team integrations & fun events
- Lunch vouchers – enjoy your breaks with tasty meals on us.
Location
- Mazowieckie, Warsaw
Department
Infrastructure and Architecture
Job type
- Full-Time
Experience
- Min. 10 years Experience