Define and execute atNorth’s information security strategy, aligned with business objectives and growth plans
Act as senior authority and trusted advisor to executive leadership on information security, risk, threats, and compliance posture
Own and lead key compliance and certification programs, including SOC 2 Type II, NIS2, and ISO/IEC 27001 (including continuous improvement)
Establish and enforce governance structures that ensure clear control ownership and accountability across all departments
Drive remediation of non-compliance and escalate material risks or deviations to executive leadership when required
Ensure enterprise-wide information security risks are identified, prioritized, actively managed, and communicated in business-relevant terms
Lead incident response governance, executive communication, and post-incident corrective actions
Own and ensure the evolution and execution of the Business Continuity Management (BCM) framework
Act as primary interface for information security auditors, regulators, and customers
Lead and develop the information security team, setting clear direction, priorities, and accountability

Proven ability to drive organizational change and enforce information security requirements across multiple business units
Strong leadership presence with the ability to challenge, influence, and hold senior stakeholders accountable
Demonstrated success in building a culture of security accountability, not just awareness
Ability to operate effectively at both strategic and operational levels
Deep expertise in Information Security Management Systems (ISMS) and security governance
Strong knowledge of ISO 27001, related standards (including ISO 22301), and security architecture principles
Solid understanding of regulatory and certification environments, including NIS2 and SOC 2 Type II
Ability to translate technical risks into business impact and decision-making
Fluent written and spoken English, any Nordic language is considered as a merit.

Information Security Manager

Key skills