Jobless Developer
Trustly logo
Trustly

Posted 1 month ago

Open

Information Security Officer

StockholmOn-siteFull-time

AI Summary

Experienced information security officer responsible for governance, risk, and compliance across Trustly's security program, including ISMS, third-party risk, and incident management.

About this role

WHO WE ARE
At Trustly, we're building a smarter, faster, and more secure financial future by revolutionizing the world of payments. As a global leader in Open Banking Payments, we are establishing Pay by Bank as the new standard at checkout, providing unparalleled freedom, speed, and ease to millions of consumers and merchants worldwide.

Our Ambition: To build the world’s most disruptive payment network and redefine what the payment experience should feel like.

Trustly is a global team of innovators, collaborators, and doers. If you are driven by a strong sense of purpose and thrive in a dynamic, entrepreneurial, and high-growth environment, join us and be part of a team that’s transforming the way the world pays.

ABOUT THE TEAM

The Security team is Trustly's first line of defence. We do the hands-on security work - running risk assessments, reviewing vendors, maintaining policies and procedures, driving business continuity and disaster recovery, and making sure security is embedded in how Trustly builds and operates its products. We work closely with engineering, legal, finance, risk & compliance, HR and senior leadership, and partner with the second line for governance and oversight.

ABOUT THE ROLE

We are looking for an experienced Information Security Officer to join the Information Security team, reporting to the Director of Security in Stockholm. The role sits in the first line of defence, meaning you will be directly responsible for executing and operating security activities - not just governing or overseeing them.

You will work across the full breadth of the role — owning and driving security governance, risk management, third-party oversight, business continuity, compliance and awareness. You will be expected to work independently, influence decisions across teams, and improve how we operate. At the more senior end, you will help shape security strategy and act as stand-in for the Director of Security when needed.

What you'll do

  • Develop, maintain and communicate Trustly's information security framework (ISMS), including instructions and routines aligned with regulatory requirements and industry standards

  • Lead information security risk assessments, define and track risk treatment plans, and keep the risk register current

  • Assess the security posture of third-party vendors and partners during onboarding and through ongoing oversight, define contractual security requirements, and drive remediation of gaps

  • Ensure business continuity, disaster recovery and crisis management capabilities meet regulatory requirements and are regularly tested

  • Define and maintain security controls across areas such as access management, internal fraud prevention, monitoring and segregation of duties

  • Ensure compliance with applicable regulatory requirements, contractual obligations and industry standards; coordinate and support internal and external audits and certifications

  • Respond to customer due diligence requests, security questionnaires and supplier assessments

  • Promote security awareness across the organisation through training, communication and guidance

  • Manage the security incident process and the exception and risk acceptance process, ensuring deviations are documented and approved at the right level

  • Act as stand-in for the Director of Security when required

    • Who you are

  • 5+ years of experience in information security, with a focus on governance, risk management or compliance - ideally in regulated financial services or payments

  • Experience leading and building a team(s) and/or larger projects

  • Strong working knowledge of ISO/IEC 27001

  • Familiarity with frameworks such as NIST CSF will be considered as beneficial

  • Practical experience translating regulatory requirements (e.g. any regulations and standards such as DORA, NIS 2, PSD2, EBA guidelines) into policy and process

  • Proven experience with third-party risk management across the vendor lifecycle

  • Excellent written and verbal communication - you can write a clear policy, present to an all-hands audience, and advise senior leadership with equal ease

  • Comfortable driving cross-functional initiatives and influencing stakeholders at all levels

  • If you hold one or more relevant certifications (active or expired) such as CISM, ISO 27001 Lead Implementer, CISA, CISSP or similar, this is considered beneficial

  • Fluent in English, written and spoken. Swedish is a bonus but not a requirement

    • Skills

    Access ManagementAudits And CertificationsBCP/DRCISACISMCISSPDORADue Diligence ResponsesEBA GuidelinesInformation Security GovernanceISO 27001 Lead ImplementerISO/IEC 27001NIS 2NIST CSFPSD2Regulatory ComplianceRisk AssessmentsSecurity Awareness TrainingSecurity ControlsSecurity Incident ManagementSecurity Policy DevelopmentVendor Risk Management

    Explore related jobs

    More jobs at Trustly

    Similar Access Management jobs

    Jobs in Stockholm

    Browse these categories

    Regulatory Compliance JobsJobs in StockholmJobs in Sweden