Information Security Officer (ISO)
Helsinki, Uusimaa, Finland
We founded Holvi in 2011, in Helsinki. As self-employed people wading through oceans of paperwork, we noticed something funny going on – traditional banks were giving us the cold shoulder. Why not help ourselves? We asked. And so, with time and effort (and lots of coffee), we mastered small business finance – and Holvi was born.
Our vision is simple: Eliminate the distractions of financial admin and simplify work life, because running a business is hard enough. Small businesses shouldn't have to worry about spreadsheets and lost receipts.
Right now, we're looking for an Information Security Officer to join our team in Helsinki or Berlin.
You'll be working across all departments
As an ISO at Holvi, you'll be responsible for Holvi's Information Security programme and the main contributor to improving and maintaining its maturity level. Did you know that Holvi means vault? Your mission is to make Holvi safe as a vault by establishing and maintaining a corporate-wide information security management programme to ensure that information assets are adequately protected while working with executive management to determine acceptable levels of risk for the organisation.
You'll be leading our Information Security team within the Control team in the second line of defence (2LoD).
Requirements
A typical day could see you:
- Assessing threats to and vulnerabilities of computer system(s) to develop a security risk profile.
- Performing risk analysis (e.g., threat, vulnerability, and probability of occurrence)
- Identifying information security program implications of new technologies or technology upgrades.
- Developing risk mitigation strategies to resolve vulnerabilities and recommend security changes to system or system components as needed to address cost, schedule, performance, and security risks.
- Providing input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, operational procedures, and training materials).
- Participating in the Risk Governance and Procurement process to provide security and technical risk assessments and mitigations, address information security requirements and supply chain risks through procurement activities, and recommend improvements.
- Preparing, distributing, and maintaining plans, policies, procedures, instructions, guidance, and standard operating procedures concerning information security.
- Implementing and integrating secure software development life cycle (SSDLC) methodologies into the development environment.
- Supporting necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, and compliance monitoring occurs).
- Advising senior management on risk levels and changes affecting the organisation's information security posture, cost/benefit analysis of information security programs, policies, processes, systems, and elements.
- Promoting awareness of security issues among management and ensuring sound security principles are reflected in the organisation's vision and goals.
- Providing enterprise information security and supply chain risk management guidance for the development of Business Continuity Management (BCM) Plans.
Requirements:
- At least 5 years of related experience with Information Security, supporting processes and procedures.
- Degree in business administration or a technology-related field required.
- Innovative thinking and leadership with an ability to lead and motivate own and cross-functional teams.
- Knowledge and practical experience with recognized industry security frameworks and compliance standards such as NIST, ISO, SOC, PCI-DSS and/or other best practices.
- Experience with cloud security practices (AWS)
- Knowledge of organisational information classification programs and procedures for incident management and information compromise.
- Experience with Information Security controls and procedures, management practices and risk management standards, methodologies and frameworks.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of information technology (IT) security principles and methods (e.g., firewalls, encryption).
- Knowledge of network access, identity, and access management.
- You're fluent in English (both spoken and written)
Nice to haves:
- Professional security management certification, for example CISSP, CISM or ISO 27001.
- Have strong knowledge/experience of the EU banking, payment or FinTech industry.
- Are comfortable with modern technology and working with remote teams
- Speak any additional languages, such as Finnish and/or German
Think you're a good fit?
We'd love to hear from you! Please don't hesitate to apply even if you can't find yourself in each and every one of the above points. Send us your application by 30.04.2023 – but don't wait too long as we will fill this role as soon as we find the right person. You can read more about our recruitment process on our Careers page. If you want to learn more about the position, reach out to control-careers@holvi.com.
Benefits
- The chance to shape this role around what's good for you and Holvi
- Flexible working – we care about what you do, not the minutes you work
- Employee stock options – opportunity for equity in Holvi. We're investing in our futures, and would love to be in this together
Logistics
- This is a full-time position that comes with a permanent contract
- Your base will be in our Helsinki or Berlin office, remote work is possible
- We offer flexible working hours with core office hours between 10.00 and 15.00 local time – the rest is up to you
Equal Opportunity Statement
At Holvi, we embrace diversity in all of its forms and foster an inclusive environment for all people to live their best work life. This is central to our mission of promoting a healthy balance in all things we do.
We're an equal opportunity employer. All applicants will be considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity status or disability status.
Tags: AWS Banking CISM CISSP Cloud Compliance Encryption Finance FinTech Firewalls Governance ISO 27001 Monitoring NIST Risk analysis Risk assessment Risk management RMF SDLC SOC Vulnerabilities
Perks/benefits: Equity Flex hours