Information Security Officer (ISO)

Helsinki, Uusimaa, Finland

Applications have closed
We 💛 small business

We founded Holvi in 2011, in Helsinki. As self-employed people wading through oceans of paperwork, we noticed something funny going on – traditional banks were giving us the cold shoulder. Why not help ourselves? We asked. And so, with time and effort (and lots of coffee), we mastered small business finance – and Holvi was born.

Our vision is simple: Eliminate the distractions of financial admin and simplify work life, because running a business is hard enough. Small businesses shouldn’t have to worry about spreadsheets and lost receipts.

Right now, we’re looking for an Information Security Officer to join our team in Helsinki or Berlin.


You'll be working across all departments

As an ISO at Holvi, you’ll be responsible for Holvi’s Information Security programme and the main contributor to improving and maintaining its maturity level. Did you know that Holvi means vault? Your mission is to make Holvi safe as a vault by establishing and maintaining a corporate-wide information security management programme to ensure that information assets are adequately protected while working with executive management to determine acceptable levels of risk for the organisation.

You’ll be leading our Information Security team within the Control team in the second line of defence (2LoD).

Requirements

A typical day could see you:
  • Assessing threats to and vulnerabilities of computer system(s) to develop a security risk profile.
  • Performing risk analysis (e.g., threat, vulnerability, and probability of occurrence).
  • Identifying information security program implications of new technologies or technology upgrades.
  • Developing risk mitigation strategies to resolve vulnerabilities and recommend security changes to system or system components as needed to address cost, schedule, performance, and security risks.
  • Providing input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, operational procedures, and training materials).
  • Participating in the Risk Governance and Procurement process to provide security and technical risk assessments and mitigations, address information security requirements and supply chain risks through procurement activities, and recommend improvements.
  • Preparing, distributing, and maintaining plans, policies, procedures, instructions, guidance, and standard operating procedures concerning information security.
  • Implementing and integrating secure software development life cycle (SSDLC) methodologies into the development environment.
  • Supporting necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, and compliance monitoring occurs).
  • Advising senior management on risk levels and changes affecting the organisation's information security posture, cost/benefit analysis of information security programs, policies, processes, systems, and elements.
  • Promoting awareness of security issues among management and ensuring sound security principles are reflected in the organisation's vision and goals.
  • Providing enterprise information security and supply chain risk management guidance for the development of Business Continuity Management (BCM) Plans.

Requirements:

  • At least 5 years of related experience with Information Security, supporting processes and procedures.
  • Degree in business administration or a technology-related field required.
  • Innovative thinking and leadership with an ability to lead and motivate own and cross-functional teams.
  • Knowledge and practical experience with recognized industry security frameworks and compliance standards such as NIST, ISO, SOC, PCI-DSS and/or other best practices.
  • Experience with cloud security practices (AWS).
  • Knowledge of organisational information classification programs and procedures for incident management and information compromise.
  • Experience with Information Security controls and procedures, management practices and risk management standards, methodologies and frameworks.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of information technology (IT) security principles and methods (e.g., firewalls, encryption).
  • Knowledge of network access, identity, and access management.
  • You're fluent in English (both spoken and written).

Nice to haves:

  • Professional security management certification, for example CISSP, CISM or ISO 27001.
  • Have strong knowledge/experience of the EU banking, payment or FinTech industry.
  • Are comfortable with modern technology and working with remote teams
  • Speak any additional languages, such as Finnish and/or German

Think you're a good fit?

We’d love to hear from you! Please don’t hesitate to apply even if you can’t find yourself in each and every one of the above points. Send us your application by 30.04.2023 – but don’t wait too long as we will fill this role as soon as we find the right person. You can read more about our recruitment process on our Careers page. If you want to learn more about the position, reach out to control-careers@holvi.com.

Benefits

  • The chance to shape this role around what's good for you and Holvi
  • Flexible working – we care about what you do, not the minutes you work
  • Employee stock options – opportunity for equity in Holvi. We’re investing in our futures, and would love to be in this together

Logistics

  • This is a full-time position that comes with a permanent contract
  • Your base will be in our Helsinki or Berlin office; remote work is possible
  • We offer flexible working hours with core office hours between 10.00 and 15.00 local time – the rest is up to you

Equal Opportunity Statement

At Holvi, we embrace diversity in all of its forms and foster an inclusive environment for all people to live their best work life. This is central to our mission of promoting a healthy balance in all things we do.

We're an equal opportunity employer. All applicants will be considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity status or disability status.
