IT Security Analyst (She/ He/ They)

CAPCO POLAND* We are looking for Poland based candidate.Capco is a fully independent, global management and technology consultancy. For 25 years we have combined innovative thinking with deep industry knowledge to deliver business consulting, digital transformation and technology services to Finance and Energy markets. Our collaborative and efficient approach helps clients reduce costs and manage risk and regulatory change while increasing revenues. We are thinkers, innovators, and disruptors. We are small enough to care but large enough to matter.As an IT Security Analyst, you will play a key role in supporting a large-scale Secrets & Credential Management initiative. You will analyze current-state environments, identify control gaps, and define robust, scalable security requirements. Working across technical and business teams, you will help ensure that sensitive credentials are governed, controlled, and aligned with regulatory and operational expectations.Key Responsibilities:Conduct end-to-end analysis of secrets and credential management practices across applications, infrastructure, and platformsIdentify, classify, and document secrets, including ownership, usage, storage, lifecycle stage, and associated risksAssess control gaps (e.g., unmanaged credentials, hardcoded secrets, weak auditability) and define remediation approachesDefine functional and non-functional requirements for centralized secrets management solutionsFacilitate workshops with stakeholders to gather requirements, validate findings, and support governance activitiesRequired Skills and Experience:Experience in IT security analysis, security requirements engineering, or security governance within complex environmentsStrong understanding of IAM, PAM, least privilege, and secure access governance principlesKnowledge of credential types (passwords, SSH keys, API keys, tokens, certificates, service accounts)Ability to translate security risks and control gaps into actionable requirementsStrong communication and documentation skills, with the ability to collaborate across technical and non-technical teamsNice to have:Experience with secrets management tools such as CyberArk, HashiCorp Vault, or cloud-native solutionsFamiliarity with security frameworks (ISO 27001, NIST, CIS Controls)Experience in transformation or migration projects involving credential centralizationExposure to regulated or highly controlled environmentsExperience supporting enterprise-scale security initiativesWe have been informed of several recruitment scams targeting the public. We strongly advise you to verify identities before engaging in recruitment related communication. All official Capco communication will be conducted via a Capco recruiter.We offer a flexible collaboration model based on a B2B contract, with the opportunity to work on diverse projects.