Develop, maintain and communicate Trustly's information security framework (ISMS), including instructions and routines aligned with regulatory requirements and industry standards
Lead information security risk assessments, define and track risk treatment plans, and keep the risk register current
Assess the security posture of third-party vendors and partners during onboarding and through ongoing oversight, define contractual security requirements, and drive remediation of gaps
Ensure business continuity, disaster recovery and crisis management capabilities meet regulatory requirements and are regularly tested
Define and maintain security controls across areas such as access management, internal fraud prevention, monitoring and segregation of duties
Ensure compliance with applicable regulatory requirements, contractual obligations and industry standards; coordinate and support internal and external audits and certifications
Respond to customer due diligence requests, security questionnaires and supplier assessments
Promote security awareness across the organisation through training, communication and guidance
Manage the security incident process and the exception and risk acceptance process, ensuring deviations are documented and approved at the right level
Act as stand-in for the Director of Security when required
Requirements
5+ years of experience in information security, with a focus on governance, risk management or compliance, ideally in regulated financial services or payments
Experience leading and building teams and/or larger projects
Strong working knowledge of ISO/IEC 27001
Familiarity with frameworks such as NIST CSF is considered beneficial
Practical experience translating regulatory requirements (e.g. DORA, NIS 2, PSD2 and EBA guidelines) into policy and process
Proven experience with third-party risk management across the vendor lifecycle
Excellent written and verbal communication: you can write a clear policy, present to an all-hands audience, and advise senior leadership with equal ease
Comfortable driving cross-functional initiatives and influencing stakeholders at all levels
One or more relevant certifications (active or expired) such as CISM, ISO 27001 Lead Implementer, CISA, CISSP or similar are considered beneficial
Fluent in English, written and spoken. Swedish is a bonus but not a requirement
Benefits
20 to 30 days of holiday to support a healthy work-life balance
Monthly team outing allowance to enjoy social events with your colleagues
Parental leave top-up: additional support for new parents
Daily breakfast and on-site perks to make your workday smoother
Well-being support: our health allowance covers gym memberships, massages, and much more to help you feel your best
Additional benefits designed to enhance your work-life experience!