Security Professional - Information Security (ISMS)

Columbus, United States

Klarna

Posted 2 weeks ago

Klarna makes shopping smoooth. And we do it with flair because shopping is fun. Every day, we help customers, businesses, and partners explore just how smoooth the modern shopping experience can be. 
It means we’re constantly changing the game. Always trying out new things. And we encourage our people to do the same. To grow. To develop. Because we don’t believe roles have to stay fixed. Instead we inspire our people to take an irregular career path. As a company of 350 dynamic start-ups, our whole business is built for it. So once you’re in, there’s no telling what will happen next.
Engineering at Klarna is an inspired, customer-focused community, dedicated to crafting solutions that redefine our industry. Working in small, highly collaborative Agile teams, you and your team will have a clear mission and ownership of an important outcome that supports Klarna and our customers. At Klarna we optimise for quality, flow and fast feedback, focussing on end-to-end ownership, continuous improvement, testing, monitoring and experimentation. We aim for teams that are inclusive, helpful, and have a strong sense of ownership for the things they build. Our engineers make some of the most significant decisions for the company and we are looking for bold, open and curious developers. As a Klarnaut, you’ll be inspired to contribute to the growth of Europe’s most highly valued fintech and your work will reach millions of users. Want to be part of the change? We're expanding several of our engineering teams, including teams working on our core checkout product, payment services, fraud prevention, or improving our billing service and shipping credentials, to name a few.

As part of our InfoSec team, you will

  • Improve and maintain our ISMS documents, starting with requirements analysis based on US and global laws and regulations for information security.
  • Work with our internal teams and engineers, and guide them in applying ISMS controls in an efficient and smoooth manner.
  • Spread security awareness in the organization and provide support in daily security compliance questions.
  • Our InfoSec team finds new ways to drive awareness. Placing ourselves in our colleagues’ shoes and mindset, we aim to understand how we can best support them. That’s why we have a communication specialist in our department and utilize many freelance artists to make our messages stick.
  • Participate in our risk management process as a stakeholder for information security topics.
  • Support our Procurement team in performing due diligence on new and existing suppliers.
  • Support our Sales teams during contract negotiation by responding to customer due diligence requests, including direct meetings with their compliance and security specialists.

To succeed in this role, we think you should have

  • A deep understanding of how information security assurance works in practice, and now you want to optimize and simplify its application.
  • 5+ years of experience as an Information Security Professional with a technical background, managing an ISMS or parts of it.
  • Experience creating ISMS documents with a firm understanding of their impact on the organization, especially developers.
  • Experience with agile development and Linux environments.
  • Experience working with cloud-based technology, preferably Amazon Web Services.
  • A good understanding of how cloud architectures work and how security can be assured in them.
  • Firm understanding of how security governance needs to be applied to cloud environments to be efficient and effective.
  • Experience with industry standards for information security and understanding their underlying principles and reasoning.
  • Experience working with ISAE 3000/3402, SOC 1/2, ISO 27000, ISO 31000 or PCI DSS.
  • Firm understanding of US laws and regulations in regard to information security.
  • Firm understanding of US business practices.
  • Bachelor’s degree (or higher) in Computer Science or a related discipline, or equivalent theoretical and practical knowledge.
  • Business-fluent written and spoken English. You can read and understand regulatory requirements and contracts without issues, and you can lead meetings in an efficient way.
  • Strong communication skills to effectively communicate with third parties such as customers, auditors, and government regulators in order to represent Klarna.

Our way of working

  • In your heart, you know there is a better way of doing things. Challenge the old dogmas of slow and tedious information security work with miles of documentation and do away with the tick-the-box philosophy of security.
  • You are also grounded and understand that security has to be explained, and that others need assurance that information is secure in the same way that we require assurance from our partners and service providers.
  • You love to try a new approach and think big, but you can also focus on details. You start out small and quickly try out your idea because you really want to see the results now, not in years.
  • You enjoy working with and in teams, and work together to achieve a common goal.
  • You are experienced enough to own and drive tasks independently. You can interact with different competences and internal and external stakeholders in a professional way.

About Klarna

Klarna was founded in Stockholm, Sweden in 2005. Since then, we’ve changed the banking industry forever. And now we’re creating the world’s smooothest shopping experience. We serve 80 million consumers worldwide, and partner with 190,000 merchants, with a new merchant joining us every 8 minutes, including some of the world’s leading brands, such as H&M, ASOS, IKEA, Adidas, Samsung and Lufthansa. Our offices are spread over 18 different markets, hosted by +3000 people from 90 nationalities.

Job tags: Banking Linux PCI SOC 1