Listing Description
At Trustly, we're passionate about simplifying the way people pay and get paid online. We're a licensed payment institution, and our B2B products, available across Europe, North America and Australia, attract global merchants in segments such as e-commerce, telecom, travel, financial services and gaming. In June 2018, private equity firm Nordic Capital acquired a majority stake in Trustly with the ambition of supporting us in becoming the leading global online banking payments provider.
We are a diverse and fast-growing team with our headquarters in Stockholm, Sweden, and 9 additional offices across Europe and North America. Together we are leading the development of the payments industry, and the work you'll do here will have a great impact.
About the role
As part of fulfilling the objective of becoming the leading global online banking payments provider, we are strengthening our capability in the information and cyber security area. We are now looking for an Information Security Officer to join the Information Security team. You will be part of a small group of security professionals ensuring that security lies at the core of everything we build and operate.
Information Security sits in the 2nd line of defense and is responsible for steering and oversight of Trustly's security program. Trustly operates a collaborative security model, where security is everybody's business and the actual work takes place in the 1st line of defense, in multiple teams across the organization.
Information Security is responsible for mapping our regulatory and business requirements into our ISMS, meaning our security policies and procedures, and for measuring how well we adhere to these policies. We are also responsible for the overall security strategy and for advising the business and our top management on all matters of security.
The Information Security Officer is an important part of the Information Security team and will report directly to the European CISO, who is also located in the Stockholm office. The CISO has over 20 years of experience in the IT security industry and a mix of management and technical background.
There is also a Security Engineering team dedicated to IT security within the Tech organization, which we work closely with and spend a lot of time with.
What you'll do
- Write security policies, online trainings, or all-hands presentations on all kinds of security matters. Our ISMS will guide us on what to write, but this role needs to excel at written communication and presentations.
- Act as stand-in CISO when required
- Help business leaders with risk assessment and risk management
- Manage 3rd party providers and the approval process for the entire European business
- Take responsibility for managing the ISMS, mapping regulatory and business requirements in accordance with the ISO 27001 guidelines and framework
- Translate regulatory ICT requirements into tangible, understandable, and measurable policy requirements
- Assist on our journey towards ISO 27001 certification in late 2023
- Lead implementation of security projects from the 2nd line. That means that we can recommend, encourage, or sponsor projects, but the ultimate prioritization and decision will always lie with the business in the 1st line of defense.
- Benchmark our ISMS against other security standards such as NIST's Cybersecurity Framework
- Assist the business with requirements, surveys and questionnaires from customers and suppliers
- Work with Key Risk Indicators that define our risk appetite as an organization
- Help leaders in the 1st line with writing procedures that match our policies, but also their ways of working
- Stay current on new trends and solutions, visit events and exhibitions, e.g. the RSA security conference
- Maintain contacts throughout the collaborative security organization
Who you are
- You have spent many years doing information security, working to improve the organisation's security posture
- You enjoy working in a fast-paced organisation where you will be challenged daily to make sure security enables our speed forward rather than inhibiting it
- You have experience and clarity on what is a reasonable level of security for a payment provider, as well as the balancing act of security controls vs business needs. For example: how long should a password be? Does password length matter in the context of 2FA? How often should passwords be changed? We need to stand on the shoulders of giants, meaning we provide references for why we take this or that position in our policies
- We attach great importance to personal qualities and see that you are a person with excellent communicative ability who can connect theory with practice and adapt your message and communication style to your audience
- You are analytically inclined and you like to share information and conclusions with others; you take pride in what you do and like to make a positive difference
- Any experience of information security regulation in the UK (FCA) or Luxembourg is greatly valued
- You have experience of, and the ability to drive, larger technology initiatives in collaboration with stakeholders at different levels of the organisation
- We value and expect that you have some industry certifications such as CISM, ISO 27001 Lead Implementer, CISA, or more technical ones such as CISSP or OSCP; the certifications may be active or long since expired
- Great social skills, and preferably the ability to give and receive feedback without offending, which will be part of the job
- Excellent written communication and presentation skills
- You need to be fluent in English, written and spoken
- Written and spoken Swedish is a great bonus, but not a requirement
- We are looking for someone who is not afraid of voicing and acting on new ideas and who values good communication with internal and external stakeholders.
If you are passionate about working with different areas across the organization and like to manage and drive projects forward, then this would be an interesting role for you.
Apply now, we would love to talk to you!
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided