Security Professional - Information Security (ISMS)

About Klarna
Klarna was founded in Stockholm, Sweden in 2005. Since then we've changed the banking industry forever. And now we're creating the world's smoothest shopping experience. We serve over 90 million consumers worldwide, and partner with 200,000 merchants – with a new merchant joining us every 8 minutes. Including some of the world's leading brands, such as H&M, ASOS, IKEA, Adidas, Samsung and Lufthansa. Our offices are spread over 17 different markets, hosted by 3500+ employees from 90 nationalities.
Engineering at Klarna is an inspired, customer focused community, dedicated to crafting solutions that redefine our industry. Working in small, highly collaborative Agile teams, you and your team will have a clear mission and ownership of an important outcome that supports Klarna and our customers. At Klarna we optimise for quality, flow, fast feedback, focussing on end-to-end ownership, continuous improvement, testing, monitoring and experimentation. We aim for teams that are inclusive, helpful, and have a strong sense of ownership for the things they build. Our engineers make some of the most significant decisions for the company and we are looking for bold, open and curious developers. As a Klarnaut, you’ll be inspired to contribute to the growth of Europe’s most highly valued fintech and your work will reach millions of users. Want to be part of the change? We're expanding several of our engineering teams, including; teams working on our core checkout product, payment services, fraud prevention, or improving our billing service and shipping credentials to name a few.

As a part of our InfoSec team, you will

• Improve and maintain our ISMS documents, starting with requirements analysis based on US and global laws and regulations for information security.
• Work with our internal teams and engineers, and guide them in applying ISMS controls in an efficient and smoooth manner.
• Spread security awareness in the organization and provide support in daily security compliance questions.
• Our InfoSec team finds new ways to drive awareness. Placing ourselves in our colleagues’ shoes and mindset, we aim to understand how we can best support them. That’s why we have a communication specialist in our department and utilize many freelance artists to make our messages stick.
• Participate in our risk management process as a stakeholder for information security topics.
• Support our Procurement team in performing due diligence on new and existing suppliers.
• Support our Sales teams during contract negotiation by answering to customer due diligences, including direct meetings with their compliance and security specialists.

To succeed in this role, we think you should have

• A deep understanding of how information security assurance works in practice, and now you want to optimize and simplify its application.
• 5+ years of experience as an Information Security Professional with a technical background, managing an ISMS or parts of it.
• Created ISMS documents with a firm understanding of their impact on the organization, especially developers.
• Experience with agile development and Linux environments.
• Experience working with cloud-based technology, preferably Amazon Web Services.
• A good understanding of how cloud architectures work and how security can be assured in them.
• Firm understanding of how security governance needs to be applied to cloud environments to be efficient and effective.
• Experience with industry standards for information security and understanding their underlying principles and reasoning.
• Worked with ISAE 3000/3402, SOC 1/2, ISO 27000, ISO 31000 or PCI DSS.
• Firm understanding of US laws and regulations in regard to information security.
• Firm understanding of US business practices.
• Bachelor’s degree (or higher) in Computer Science or a related discipline, or equivalent theoretical and practical knowledge.
• Business-fluent written and spoken English. You can read and understand regulatory requirements and contracts without issues, and you can lead meetings in an efficient way.
• Strong communication skills to effectively communicate with third parties such as customers, auditors, and government regulators in order to represent Klarna

Our way of working

• In your heart, you know there is a better way of doing things. Challenge the old dogmas of slow and tedious information security work with miles of documentation and do away with the tick-the-box philosophy of security.
• You are also grounded and understand that security has to be explained, and that others need assurance that information is secure in the same way that  we require assurance from our partners and service providers.
• You love to try a new approach, think big, but you can also focus on details. Starting out small, and quickly try out your idea because you really want to see the results now, not in years.
• You enjoy working with and in teams, and work together to achieve a common goal.
• You are experienced enough to own and drive tasks independently. You can interact with different competences and internal and external stakeholders in a professional way.