Information Security Officer

Stockholm, Sweden, Europe
April 28, 2024

At Trustly, we’re passionate about simplifying the way people pay and get paid online. We are a licensed payment institution and our B2B products available across Europe and the US attract global merchants in segments such as e-commerce, travel, financial services and gaming. In June 2018, private equity firm Nordic Capital acquired a majority stake in Trustly with ambitions to support us in becoming the leading global online banking payments provider.

We are a diverse and fast-growing team with our headquarters in Stockholm, Sweden, and offices in Lisbon, Örebro, London, and Malta. The American operation has offices in the USA and Brazil. This role is based at our Stockholm headquarters, where the rest of the European security team is currently located. You can spend as much time as you like in our offices, or work from home or remotely up to 50% of the time.

Together we are leading the development of the payments industry and the work you’ll do here will make a great impact. Trustly is a tech company at heart. Two of our three founders are developers and you’ll get the chance to work alongside many talented and motivated colleagues who will help you learn and grow.

About the Information Security team

As part of fulfilling the objective of becoming the leading global online banking payments provider, we are strengthening our capability in the information and cyber security area. We are now looking for an Information Security Officer to join the Information Security team. You will be part of a small group of security professionals ensuring security lies at the core of everything we build and operate. Information Security is located in the 2nd line of defense, and is responsible for steering and oversight of Trustly’s security program. Trustly operates a collaborative security model, where security is everybody's business, and the actual work takes place in the 1st line of defense, in multiple teams across the organization.

Information Security has the responsibility to map our regulatory and business requirements into our ISMS, meaning our security policies and procedures, and to measure how well we adhere to these policies. We are also responsible for the overall security strategy, and for advising the business and our top management on all matters of security.

The Information Security Officer is an important part of the Information Security team, and will report directly to the European CISO, who is also located in the Stockholm office. The CISO has over 20 years of experience in the IT security industry, and a mix of management and technical background. There is also a Security Engineering team dedicated to IT security as part of the Tech organization, which we will work closely with and spend a lot of time with.

What you'll do:

  • Write security policies, online trainings, or all-hands presentations on all kinds of security matters. Our ISMS will guide us on what to write, but this role needs to excel at written communication and presentations. 
  • Act as stand-in CISO when required. 
  • Help business leaders with risk assessment and risk management.
  • Manage 3rd party providers and the approval process for the entire European business. 
  • Manage the ISMS and map regulatory and business requirements in accordance with the ISO 27001 guidelines and framework.
  • Translate regulatory ICT requirements into tangible, understandable, and measurable policy requirements. 
  • Assist on our journey towards ISO 27001 certification in late 2023. 
  • Lead implementation of security projects from the 2nd line. That means that we can recommend, encourage, or sponsor projects, but the ultimate prioritization and decision will always lie with the business in the 1st line of defense. 
  • Benchmark our ISMS with other security standards such as NIST’s cybersecurity framework.
  • Assist the business with requirements, surveys and questionnaires from customers and suppliers. 
  • Work with Key Risk Indicators that define our risk appetite as an organization.
  • Help leaders in the 1st line write procedures that match our policies while fitting their ways of working.
  • Stay current on new trends and solutions, visit events and exhibitions. Think of the RSA security conference. 
  • Maintain contacts throughout the collaborative security organization. 

What we hope that you bring:

  • You have spent a few years working in information security, improving an organisation's security posture.
  • You enjoy working in a fast-paced organisation where you will be challenged daily to make sure security enables our maintained speed forward rather than inhibiting it.
  • Experience and clarity on what is a reasonable level of security for a payment provider, as well as the balancing act of security controls vs. business needs. For example, how long should a password be? Does password length matter in the context of 2FA? How often should passwords be changed? We need to stand on the shoulders of giants, meaning we provide references for why we think this or that in our policies.
  • We attach great importance to personal qualities and see that you are a person with excellent communicative ability who can connect theory with practice and adapt your message and communication style to your audience.
  • You are analytically inclined and you like to share information and conclusions with others. You take pride in what you do and like to make a positive difference.

We believe you have several of the following qualities:

  • Experience of, and ability to drive, larger technology initiatives in collaboration with stakeholders at different levels of the organisation.
  • We value, and believe you have, some industry certifications such as CISM, ISO 27001 Lead Implementer, CISA, or maybe technical certifications like CISSP or OSCP.
  • The certifications may be active or long since expired.
  • Great social skills, and preferably the ability to criticize without offending which will be part of the job. 
  • Written and spoken Swedish is a great bonus, but not a requirement.
  • Excellent written communication and presentation skills.
  • You need to be fluent in English, written and spoken. 
  • Holding an active EU or Swedish work permit and visa.